| Risk Level | Number of Alerts |
|---|---|
|
High
|
1
|
|
Medium
|
8
|
|
Low
|
10
|
|
Informational
|
13
|
|
False Positives:
|
0
|
|
High |
PII Disclosure |
|---|---|
| Description |
The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.
|
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 2483579572044704 |
| Other Info | Credit Card Type detected: Mastercard |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 4363402370567704 |
| Other Info | Credit Card Type detected: Visa Bank Identification Number: 436340 Brand: VISA Category: Issuer: |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | 5337109127354704 |
| Other Info | Credit Card Type detected: Mastercard Bank Identification Number: 533710 Brand: MASTERCARD Category: Issuer: SUMITOMO MITSUI CARD CO., LTD. |
| Instances | 3 |
| Solution |
Check the response for the potential presence of personally identifiable information (PII), ensure nothing sensitive is leaked by the application.
|
| Reference | |
| CWE Id | 359 |
| WASC Id | 13 |
| Plugin Id | 10062 |
|
Medium |
Absence of Anti-CSRF Tokens |
|---|---|
| Description |
No Anti-CSRF tokens were found in a HTML submission form.
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
CSRF attacks are effective in a number of situations, including:
* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.
CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
|
| URL | https://www.amazon.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E1HJY |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E1NYI |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E1Q5Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E1TOM |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E1WYO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E204K |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E236A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E260I |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E28WO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E2BC6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E2DPQ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E2GU8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E2J14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/B00M3E2LOE |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/gcrnsts |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/-/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/-/en$ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/-/es/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/-/he$ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/-/he/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/-/zh_TW$ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/-/zh_TW/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/1.5x |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/132-3165371-6872408?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/139_QL70_.jpg |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/145-5865731-3714800?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/2.5000x |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/2.5x |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/208.5_QL70_.jpg |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/2192_AC_SX139_SY100_QL70_.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/2192_AC_SX208.5_SY150_QL70_.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/2192_AC_SX278_SY200_QL70_.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/278_QL70_.jpg |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/400_AC_SX139_SY100_QL70_.jpg |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/400_AC_SX208.5_SY150_QL70_.jpg |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/400_AC_SX278_SY200_QL70_.jpg |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/403_AC_SX139_SY100_QL70_.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/403_AC_SX208.5_SY150_QL70_.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/403_AC_SX278_SY200_QL70_.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/404 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/?ref_=footer_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="prime-up-signup-form" method="post" action="/gp/prime/pipeline/confirm?offerToken=GoSewu-v8EjIusyczL0ZrFKcNK_xnlh1KVX9L7isgNducRYmitIQHcP-ynDfqshRzCDQfEOrEgcVpesqFPmTvw1dCXICZ6wmuKMe2L0j_Q9y--1dTxXr_WerMHWImIr_nHQWisuLkm_EQgE2hzGxEBC68gpiOg0ADGFkz83tlwdRBB8YmaE5Bj6muOveWngeXqQ7s2ZhJB-pLM3MpRKrquCIDADphfJ0H5TkSZBrR6I8zMfjaHD19HX2ENAA6LiUjNkywKc4UCjlXNBSd_RYH9nrKCQcCt44Go9HpS1jJ6KBkIdj-Wf4_Ad6VUdtWtQnPb4EGUEn7GAfDAuJ9dnZV83A5EufgHZ7LzUUkYuB8A4oZ4yVLYGiQjdot6Rw91C6bKbpkkIW_vF04l3k4ltYhcYPHE50kz-YE13cS0Ekhsv3I6dT15gRUHS1tkQ7cggxPQd1v3AKnUOEiq_N3YIsi3qOohDh2IL6dFeQ2wu2LcTfRzE1Z5JYuQx4af9bJyGBmtP-pNtfpu6NgB2n14mg3GUTUOmBJeaqxQtXOKLC9xOGfA1HJ8YPWnwVBIgewnXF0C3UIAEZ6URL9BmLpDamkWgU7AdlBIWk8pn-0I-lj2u0AUgegLWkFM0JLtLEycZfjS4Dv5tLsBYFBh7nfUiy2r-DmAGrKp6xuDFja8QuzVkoIZMuPXNWEMl16MovvPz8VSLvDMHdyA4" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "cancelRedirectURL" "locationID" "offerToken" "previousContainerRequestId" "primeCampaignId" "redirectURL" ]. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="prime-up-signup-form" method="post" action="/gp/prime/pipeline/confirm?offerToken=GoSewu-v8EjIusyczL0ZrFKcNK_xnlh1KVX9L7isgNducRYmitIQHcP-ynDfqshRzCDQfEOrEgcVpesqFPmTvw1dCXICZ6wmuKMe2L0j_Q9y--1dTxXr_WerMHWImIr_nHQWisuLkm_EQgE2hzGxEBC68gpiOg0ADGFkz83tlwdRBB8YmaE5Bj6muOveWngeXqQ7s2ZhJB-pLM3MpRKrquCIDADphfJ0H5TkSZBrR6I8zMfjaHD19HX2ENAA6LiUjNkywKc4UCjlXNBSd_RYH9nrKCQcCt44Go9HpS1jJ6KBkIdj-Wf4_Ad6VUdtWtQnPb4EGUEn7GAfDAuJ9dnZV83A5EufgHZ7LzUUkYuB8A4oZ4yVLYGiQjdot6Rw91C6bKbpkkIW_vF04l3k4ltYhcYPHE50kz-YE13cS0Ekhsv3I6dT15gRUHS1tkQ7cggxPQd1v3AKnUOEiq_N3YIsi3qOohDh2IL6dFeQ2wu2LcTfRzE1Z5JYuQx4af9bJyGBmtP-pNtfpu6NgB2n14mg3GUTUOmBJeaqxQtXOKLC9xOGfA1HJ8YPWnwVBIgewnXF0C3UIAEZ6URL9BmLpDamkWgU7AdlBIWk8pn-0I-lj2u0AUgegLWkFM0JLtLEycZfjS4Dv5tLsBYFBh7nfUiy2r-DmAGrKp6xuDFja8QuzVkoIZMuPXNWEMl16MovvPz8VSLvDMHdyA4" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "cancelRedirectURL" "locationID" "offerToken" "previousContainerRequestId" "primeCampaignId" "redirectURL" ]. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="ap_register_form" name="register" method="post" novalidate action="https://www.amazon.com/ap/register" class="ap_ango_default auth-validate-form-moa auth-real-time-validation"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_customer_name" "ap_email" "ap_password" "ap_password_check" "appAction" "appActionToken" "continue" "openid.return_to" "prevRID" "workflowState" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin/ref=cart_empty_sign_in?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcart%3Fapp-nav-type%3Dnone%26dc%3Ddf |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dfooter_yo&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_AccountFlyout_orders&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_orders_first&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_email" "ap_password" "appAction" "appActionToken" "create" "encryptedPasswordExpected" "openid.return_to" "prevRID" "rememberMe" "signInSubmit" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub%2F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-clearable-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_email" "ap_password" "ap_show_password_checked" "appAction" "appActionToken" "auth-show-password-checkbox" "encryptedPasswordExpected" "giveFocusOnMobileToFirstControlFailingValidation" "openid.return_to" "prevRID" "rememberMe" "signInSubmit" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_psr_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fspr%2Freturns%2Fhomepage%2Fhomepage.html%3Fref_%3Dfooter_hy_f_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_subscribe_save_myd_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fauto-deliveries%2Fviewsubscriptions%3Fref_%3Dnav_AccountFlyout_sns |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap_email" "ap_password" "appAction" "appActionToken" "create" "encryptedPasswordExpected" "openid.return_to" "prevRID" "rememberMe" "signInSubmit" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_wishlist_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=900&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fls&pageId=Amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="signIn" method="post" novalidate action="https://www.amazon.com/ap/signin" class="auth-validate-form auth-real-time-validation a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "ap-credential-autofill-hint" "ap_email" "appAction" "appActionToken" "continue" "create" "openid.return_to" "prevRID" "subPageType" "workflowState" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ASUS-NVIDIA-GeForce-Graphics-DisplayPort/dp/B0BQTVQQP4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0BQTVQQP4&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&ld=AZUSSOA-sell&node=12766669011&ref_=nav_cs_sell |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/b?*node=7454898011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b?*node=7454917011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b?*node=7454927011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b?*node=7454939011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b?*node=9052533011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/baby-reg/homepage/?_encoding=UTF8&ref_=sv_wl_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/baby-reg/homepage/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/baby-reg/homepage?ie=UTF8&ref_=sv_cm_gft_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/baby-reg/search-results |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/Bac-Zap-Odor-Eliminator-1_gallon/dp/B007MCJJWE/ref=sr_1_29?keywords=ZAP&qid=1701867726&sr=8-29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Barbie-DreamHouse-Furniture-Accessories-Wheelchair-Accessible/dp/B08V1R73H9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B08V1R73H9&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/business/register/org/landing?ref_=footer_retail_b2b |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=pd_bxgy_crt?_encoding=UTF8&pd_rd_w=gDCGm&content-id=amzn1.sym.839d7715-b862-4989-8f65-c6f9502d15f9&pf_rd_p=839d7715-b862-4989-8f65-c6f9502d15f9&pf_rd_r=SAD5M4QCABFG9J6DVCM0&pd_rd_wg=ujt1v&pd_rd_r=c57bf6e5-21a7-4e59-b9d3-f2998f0b653f" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "ue_back" ]. |
| URL | https://www.amazon.com/Chispee-Finishing-Weaving-Leather-Melting/dp/B0CHK2D5PM/ref=sr_1_36?keywords=ZAP&qid=1701867726&sr=8-36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="twister" method="get" action="/gp/product" class="a-spacing-small"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ASIN" "dummySubmitButton" "twisterDimKeys" "twisterNonJs" ]. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=pd_day0fbt_softlines_crt?_encoding=UTF8&pd_rd_w=qGYF4&content-id=amzn1.sym.2279ea12-5619-4202-8979-7016a550b5be&pf_rd_p=2279ea12-5619-4202-8979-7016a550b5be&pf_rd_r=8HZK0SF0SPP8EBRNC36C&pd_rd_wg=48BHu&pd_rd_r=c28b73fa-d724-4946-8678-c1246405ac04" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "ue_back" ]. |
| URL | https://www.amazon.com/Cleansing-Conditioner-Treatment-Sulfur-Greasy/dp/B08WCMNBWC/ref=sr_1_31?keywords=ZAP&qid=1701867726&sr=8-31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" id="international-customer-select-preferences-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "lop" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/customer-preferences/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/Ding-Zap-Falcones-Emergency-Repair/dp/B0BF7NXYMG/ref=sr_1_41?keywords=ZAP&qid=1701867726&sr=8-41 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/B07984JN3L?ie=UTF-8&plattr=ACOMFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/B088R7QF3J?binding=kindle_edition&qid=1701867726&ref_=dbs_s_aps_series_rwt_tkin&searchxofy=true&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/e-mail-friend/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/manual-submit/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/product-availability/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/rate-this-item/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/shipping/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/dp/twister-update/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/EIOTCLUB-Prepaid-LTE-Cellular-Card/dp/B096X8471C/ref=nta-top-sellers_d_sccl_1_8/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Electric-Mosiller-Rechargeable-Powerful-Mosquitoes/dp/B09Q8W67XQ/ref=sr_1_57?keywords=ZAP&qid=1701867726&sr=8-57 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Electric-Swatter-Racket-Rechargeable-Charging/dp/B08GWRCQKJ/ref=sr_1_55?keywords=ZAP&qid=1701867726&sr=8-55 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Electric-Swatter-Rechargeable-Attractant-Charging/dp/B085DNM6JC/ref=sr_1_6?keywords=ZAP&qid=1701867726&sr=8-6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Episode-2/dp/B091F259D2/ref=sr_1_47?keywords=ZAP&qid=1701867726&sr=8-47 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2Bw%2BSZ5NKCNicxUMlC%2Bk0dQ%3D%3D&amzn-r=%2Fref%3Dnav_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2F3fuOxEhwt63ufV6T0bxcA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=03tZvbYvlNFf2acq5oHUcQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fwrite-a-review.html%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=08uZdACqvtGgyluS825gmg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0Lihl1baWvhf6TOkXodwsA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0XduUglPDjNSMjsxubrj3Q%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0YOsOdJkoTlrb2JQ0RFSDA%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=1QT5N1E%2BoHYA3uY20Z45Qw%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2%2BTC4M6etm0GUm88X8TuOQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2UjxEKDb5KJ%2F9hQYTEgkuA%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3c9Q%2BP%2FBegFwrtaVnNB7JQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3LujxYM0A0USyG2OFfjV7w%3D%3D&amzn-r=%2Fref%3Dcs_503_link&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3v%2FH%2F%2Fp8hxS87L1CRjIe8g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=4CRscPzyeHD5oPwdd4g72g%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=4L6GAxTLeRFZV1Ql%2F0XDbg%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5PEpbY7VE%2Fx%2BF4QsbQCCsA%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5wtQMuRaMjiNWnLNzrc%2FVQ%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=7fi5ByKad%2BdcvxZljfMzqA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=89kxzNpqpBqZafLdlFX0nQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=8T23TyPKJ9nYw28W4EnfEw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=95jTc%2Fjf17cFyeMo2q5R7g%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=97fM1dyt3h9Jc6nkywTmLA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9AQHcF15x6pT5YUsFxlgBg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9dkyynGR9nYfowg38vfKbQ%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9OGFBL46Q7pNVyNctgZC0w%3D%3D&amzn-r=%2Fhz%2Fmycd%2Fmyx%3FpageType%3Dcontent%26ref_%3Dnav_AccountFlyout_myk&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9Z05sBM3FDHZbxQkWsnZ0Q%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=apEvdI6SD8q8%2Bj6RqXItyg%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BdXJNklVh%2FTo3oUFbCnlxg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BMw1tPBj4bD27JeQvJERag%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=c2HyZR58QutNLD12xni6Nw%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=C7pO3cDUAWU%2FidqGpXFrjg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fiyr%2F%3Fie%3DUTF8%26ref_%3Dsv_ys_3&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=cHeprgreEvleNxcpw6qQ7g%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Czxv0r4fsgCtUApC77nCZA%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=D2GoufXGvut9%2FZMuYkd9sQ%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fauth-redirect%2Fref%3Datv_auth_red_bef%3FreturnUrl%3D%2Fgp%2Fvideo%2Fmystuff%2Fref%253Datv_auth_red_aft&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=DnotI5d00ATvL%2FoB2Njr5w%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub%252F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=E%2FKdDDIE0Gs6JwlreVZSrg%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eJOcfxJSLiZ0gj%2BmnQ4giQ%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eSdz%2BgPr%2BBR7xoxjOIfsSw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ESObOh2M%2BMzmGyC8otRToQ%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=f5ESAwpSkihjQPIl%2Bs9hlA%3D%3D&amzn-r=%2F%3Fref_%3Dfooter_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=FcYso%2F%2BzwFW3yW%2B%2Fwf7JMg%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=fFfU2T%2FD4%2FQzYRxmhnr52g%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Ffm%2BNimpxLDgRmnUlPCD%2FA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ha10fxEJzSh0nMyxhNHj8Q%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=HbRcpcErDWcoTPiIjQDrsw%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=hWVbQrVPP60R%2FMEYDNFUqg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IBfhlLDppwFRNkZKaih9Tw%3D%3D&amzn-r=%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-sell%26node%3D12766669011%26ref_%3Dnav_cs_sell&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ic88goIdY908wj6AsV8uHQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IgYhIcpecxxWcC1CwgCm6w%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IKULlAVXx5%2B3JVfsoGdx7A%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=itO3%2BJP6Ug64elgLVDhWQQ%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=jGyPq5xFSGjtlCbvS8hq8Q%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=L5KXWOaTj0isegvpVanBeg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fhome%2F%3Fie%3DUTF8%26ref_%3Dtopnav_storetab_ys&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=lmOkLtqxprRCC9EF%2FZOFHQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=moJ2W1sEIk5sorRfxeE4jw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=nC%2BIi4ovQgV0mddORPTlFg%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=NprXEQdwV%2BMflR6xPECeGA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=oCXu0M3f0U%2BzmrEAPhaLTQ%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ODTLp74NeoowmDKyrtofhQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=PBV26dQb2Y1INzjq5mIGOg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qJp9aWa6EQ0ORMOoPRQ6RA%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qootGElqNGNfpg%2Bx7sUGqw%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=r6Uog%2FdbGV4fFmxHdfuShg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=RjMI0bt%2BzVNA3JMjMzJg2Q%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=roxXxt79k1e3OYCnTuWDqQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=sM62fbadJtqMKBmZutzqTQ%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=SOJEh0g5GNh3yz21vEi58w%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TWOp0asBI%2FWBWTIkLTtsjA%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UHco0R4f7vMNkEDM0GQbJA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=uppjsyIHBaraQddL4MAISw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Uqe%2Bj44L232HSBHTqi%2FQzA%3D%3D&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UQmQcTwDE1aALXI5YMgUmg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=v74vI2HNtwdsMew0%2BCa4yg%3D%3D&amzn-r=%2Fgp%2Fentity-alert%2Fexternal%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VBA%2FWqJZtFSpIx8jQO%2B2TQ%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VMnQX6Wwf9aoBCz%2FnmLPHg%3D%3D&amzn-r=%2Fref%3Dcs_503_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VpYg%2FzqJm%2BlfCHmQSz%2Bi%2FA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WKtfmT6sXhu4UctX4MQXpw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wmaWYeM7tTV892Nv5IT%2Brw%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WU2u70mTqqsTO3A7Q01gmQ%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wW1ICK07PtAJyLMWPtekow%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=xqei7DKY8jFewDqaI%2BL31g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yGcmbher93sEDsbGY%2BmhpA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yIpcu%2ByTIT%2BGhSDjfI7iNA%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yu6%2FEfW%2FwPCqmg47siCmZw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zeQeO2v0hNNZMPEQzdgpPg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Zl3unZKkp2iFjlOckDEA6Q%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zWHXuJMe95diKgc3YS%2BIAQ%3D%3D&amzn-r=%2Fdp%2FB07984JN3L%3Fie%3DUTF-8%26plattr%3DACOMFO&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/ga/p/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/GameXcel-Zapper-Electric-Swatter-Mosquito/dp/B08BP57MMH/ref=sr_1_23?keywords=ZAP&qid=1701867726&sr=8-23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/Giegxin-Natural-Tropical-Hawaiian-Costume/dp/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gift-cards/b/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/giveaway/host/setup/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/GOOTOP-Mosquito-Zapper-Outdoor-Electric/dp/B09PQF39PG/ref=sr_1_38?keywords=ZAP&qid=1701867726&sr=8-38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/aw/shoppingAids/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/gp/aw/so.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_cart |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&pd_rd_i=B096X8471C&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="savedCartViewForm" method="post" action="/cart/ref=ord_cart_shr?app-nav-type=none&dc=df"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "requestID" "timeStamp" "token" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&pd_rd_i=B0BBPJ1PW6&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&pd_rd_i=B0BX2MXBH1&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&pd_rd_i=B000XTPNZK&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&pd_rd_i=B0BB9BMD7F&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_5_atc_a?_encoding=UTF8&pd_rd_i=1649374178&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&pd_rd_i=B08SV2Y7J6&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&pd_rd_i=B017VPIY4U&pd_rd_w=gF1gR&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&pd_rd_wg=6xF9n&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/cdp/member-reviews/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/css/homepage.html/147-4280155-9611859?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=footer_ya |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=nav_AccountFlyout_ya |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-reviews/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/customer-reviews/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/entity-alert/external?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/help/customer/accessibility |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/contact-us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-pt" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=13316081&ref_=sv_ys_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=897204&ref_=sv_wl_8&sr=1-1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?nodeId=G7DZMQDVP963VXJS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_cou?ie=UTF8&nodeId=508088 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201910160 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201971070&ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=202075050 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468496&ref_=footer_privacy |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468520&ref_=footer_shiprates |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468556 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508088&ref_=footer_cou |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=footer_gw_m_b_he |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=nav_cs_customerservice |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GA22MNAVD7XADYG9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GDFU3JS5AL6SYHRD&ref_=footer_covid |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GLQP8385T78LUERA&ref_=universal_registries_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GWS7X8NH29WQEK5X |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/history/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/history/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/history/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/history/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/history/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/orc/rml/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/pdp/profile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/pdp/profile/?ie=UTF8&ref_=sv_ys_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/product/e-mail-friend |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/product/product-availability |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/product/rate-this-item |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/profile/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/promotion/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/socialmedia/giveaways |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/video/api |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/video/dvd-rental/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/video/mystuff |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/video/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="/wedding/search" class="wedding-find-stripe__form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "nameOrEmail" "ref_" ]. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/yourstore/home/?ie=UTF8&ref_=topnav_storetab_ys |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/yourstore/iyr/?ie=UTF8&ref_=sv_ys_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/gp/yourstore/recs/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/Herbal-Zap-Instantly-Dissolving-Supplement/dp/B01L4J9O8Y/ref=sr_1_33?keywords=ZAP&qid=1701867726&sr=8-33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/hp/video/api |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/contact-us/ajax/initiate-trusted-contact/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/help/contact/*/message/$ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/leaderboard/top-reviewers/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/mycd/myx?pageType=content&ref_=nav_AccountFlyout_myk |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/hz/wishlist/friends/ref_=cm_wl_your_friends |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/hz/wishlist/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/Iron-Flame-Empyrean-Rebecca-Yarros/dp/1649374178/ref=nta-top-sellers_d_sccl_1_5/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Lets-Clean-The-House/dp/B0B8PGK8XW/ref=sr_1_56?keywords=ZAP&qid=1701867726&sr=8-56 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Living-Puppet-9-Inch-Friendly-Monster/dp/B0CJQBMHW1/ref=sr_1_48?keywords=ZAP&qid=1701867726&sr=8-48 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Master-Lock-8417D-Python-Keyed/dp/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/music/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/music/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/music/s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D899f9d5a-aa9a-ac57-0071-071f359074a7%26type%3D55%26m%3D1&ex-fch=416613&ex-hargs=v%3D1.0%3Bc%3D2702107500201%3Bp%3D899F9D5A-AA9A-AC57-0071-071F359074A7&ex-src=https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/Nittaku-3-stars-Premium-Table-Tennis/dp/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Nokia-Unlocked-Hotspot-Assistant-Charcoal/dp/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Outdoor-Cordless-Rechargeable-Mosquito-Equipped/dp/B0BNN13X69/ref=sr_1_43?keywords=ZAP&qid=1701867726&sr=8-43 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Outdoor-High-Power-Mosquito-Waterproof-Backyard/dp/B0BVQWLLT7/ref=sr_1_44?keywords=ZAP&qid=1701867726&sr=8-44 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-CA-Adhesives/dp/B0006O8ECG/ref=sr_1_53?keywords=ZAP&qid=1701867726&sr=8-53 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Single-Adhesives/dp/B00GB0SFT6/ref=sr_1_52?keywords=ZAP&qid=1701867726&sr=8-52 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Z-Poxy-Minute/dp/B00SXJJ4I4/ref=sr_1_60?keywords=ZAP&qid=1701867726&sr=8-60 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Zap-Adhesives/dp/B00SXJJ2QI/ref=sr_1_7?keywords=ZAP&qid=1701867726&sr=8-7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Pellon-Wrap-N-Zap-Batting-36-Inch-Natural/dp/B01N4B9B6I/ref=sr_1_46?keywords=ZAP&qid=1701867726&sr=8-46 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Phosooy-Electric-Aluminium-Mosquito-Hanging/dp/B08P8MJ4X3/ref=sr_1_59?keywords=ZAP&qid=1701867726&sr=8-59 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "cross-context-behavioral-ads-opt-in" "cross-context-behavioral-ads-opt-out" "privacy-pref-save" ]. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form class="askQuestionForm" method="POST" action="/ask/questions/asin/B000XTPNZK/create"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "__token_" "askErrorUrl" "askQuestionSource" "askQuestionSourcePage" ]. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/product-reviews/B0069IY63Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/product-reviews/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/product-reviews/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/product-reviews/B096X8471C/ref=nta-top-sellers_d_sccl_1_8_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form class="askQuestionForm" method="POST" action="/ask/questions/asin/B0BB9BMD7F/create"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "__token_" "askErrorUrl" "askQuestionSource" "askQuestionSourcePage" ]. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form class="askQuestionForm" method="POST" action="/ask/questions/asin/B0BBPJ1PW6/create"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "__token_" "askErrorUrl" "askQuestionSource" "askQuestionSourcePage" ]. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form class="askQuestionForm" method="POST" action="/ask/questions/asin/B0BX2MXBH1/create"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "__token_" "askErrorUrl" "askQuestionSource" "askQuestionSourcePage" ]. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/Pure-ZAP-Vitamin-Natural-Verified/dp/B0CLFF5X2N/ref=sr_1_51?keywords=ZAP&qid=1701867726&sr=8-51 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ref=cs_500_link |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ref=cs_500_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ref=cs_503_link |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ref=cs_503_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ref=nav_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="gr-find-stripe__form" method="post" action="" class="gr-find-stripe__form a-spacing-medium a-spacing-top-medium"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "name" ]. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="gr-find-stripe__form" method="post" action="" class="gr-find-stripe__form a-spacing-medium a-spacing-top-medium"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "name" ]. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="gr-find-stripe__form" method="post" action="" class="gr-find-stripe__form a-spacing-medium a-spacing-top-medium"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "name" ]. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="gr-find-stripe__form" method="post" action="" class="gr-find-stripe__form a-spacing-medium a-spacing-top-medium"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "name" ]. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="gr-find-stripe__form" method="post" action="" class="gr-find-stripe__form a-spacing-medium a-spacing-top-medium"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "name" ]. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/reviews/iframe |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+cleaner&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+glue&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "content-id" "k" "pd_rd_r" "pd_rd_w" "pd_rd_wg" "pf_rd_p" "pf_rd_r" "qid" "ref" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "content-id" "high-price" "k" "low-price" "pd_rd_r" "pd_rd_w" "pd_rd_wg" "pf_rd_p" "pf_rd_r" "qid" "ref" "rnid" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+skimboard&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "content-id" "k" "pd_rd_r" "pd_rd_w" "pd_rd_wg" "pf_rd_p" "pf_rd_r" "qid" "ref" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "content-id" "high-price" "k" "low-price" "pd_rd_r" "pd_rd_w" "pd_rd_wg" "pf_rd_p" "pf_rd_r" "qid" "ref" "rnid" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zep&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s/browse/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&ie=UTF8&node=12302698011&pd_rd_i=B0BW2VKGXX&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s/ref=nb_sb_noss?field-keywords=ZAP&url=https%3A%2F%2Fzap.example.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3A%2BgnDOQg7ZkELD4ve3ezFEBZ6NXmMmK4ZL9oCbiflnuI&k=ZAP&qid=1701867726&ref=sr_nr_n_7&rh=n%3A3310241011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3A2crFyusus%2B%2B1RT1IwyUcU5XC59VUC46m3qWpeqVgASA&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_three_browse-bin_1&rh=n%3A3738021%2Cp_n_feature_three_browse-bin%3A116624669011&rnid=116623717011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3A6hO4ACwHHBgsE4GPUVQOCqFN1jLvlSUMJjEDH%2F5O9Xc&k=ZAP&qid=1701867726&ref=sr_nr_n_4&rh=n%3A2625373011%2Cn%3A2858905011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3A9HZGWeEBC7fpeApkrnRZ%2B0noSnyscx6e73bvFE5haRo&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_twenty_browse-bin_4&rh=n%3A2972638011%2Cp_n_feature_twenty_browse-bin%3A2972997011&rnid=2972980011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Aa3L5yTq%2FTwAq%2BJ3vC5KEF7wpuGAqx2rnqT4RadNEQUw&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_five_browse-bin_2&rh=n%3A553844%2Cp_n_feature_five_browse-bin%3A3622357011&rnid=3622346011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AAj5uFUCmzBeIGCB9O4HD5B7ecF9u2cEiX5pLWbA7pbI&k=ZAP&qid=1701867726&ref=sr_nr_n_9&rh=n%3A15342811&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AB4kJcVL6p3ciIEr8VqWzcrfxAqq2mUXrpSaQ8%2BnR2bs&k=ZAP&qid=1701867726&ref=sr_nr_n_5&rh=n%3A2236128011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ADfC3Jc%2Fathy%2FRtz2qlN4k2fN2W%2B69EMqB0Wj9ogPRng&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_1&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624666011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AdJGoKEUeVJUmdp%2FwolJaYem3p4f7gC9xCNmXGyPCG8A&k=ZAP&qid=1701867726&ref=sr_nr_p_n_availability_2&rh=p_n_availability%3A2661601011&rnid=2661599011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AEoJQDIxorNSLVTxbHgjb7OJEBRaD74dfWqIoSpg1yuY&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_five_browse-bin_1&rh=n%3A553844%2Cp_n_feature_five_browse-bin%3A3622349011&rnid=3622346011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AErIi6LrN3colZg%2FVX3I5QfY8FZ7K4mIFZYuGJhCxhJQ&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_three_browse-bin_3&rh=n%3A3738021%2Cp_n_feature_three_browse-bin%3A116624672011&rnid=116623717011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AETFEK2gWyn69GO0z64HRRciTpcLblrr65sAIfWhSrlU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_sb_certificate_id_1&rh=p_n_sb_certificate_id%3A98614993011&rnid=98614992011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Af507bn1iJ3PXzyLGr04rOT25Qu22KyU1gl2ZLLCgDaU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_browse-bin%3A116624662011&rnid=116623715011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AfZ8FVSIdc1PbE83G1hsctPSCtZkyHqUed7sUbFVV6fo&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_twenty_browse-bin_2&rh=n%3A2972638011%2Cp_n_feature_twenty_browse-bin%3A2972994011&rnid=2972980011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah%2BVTVE2AY0cxrNzy9enMcGam8OMSH48bPEIgoSrF0L4&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_forty-one_browse-bin_1&rh=n%3A2972638011%2Cp_n_feature_forty-one_browse-bin%3A119653281011&rnid=119653280011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "dc" "i" "k" "qid" "ref" "rh" "rnid" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "dc" "high-price" "i" "k" "low-price" "qid" "ref" "rh" "rnid" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AHGxFMrFiQgPStU10MEDG2rHilbXMy1djT748rHIuYsY&k=ZAP&qid=1701867726&ref=sr_nr_p_36_2&rh=n%3A2972638011%2Cp_36%3A2661613011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AHQQ5UvgIDzXjeyXJZOPUFZRnWvkJRVAnXZ8RUO3%2FugI&k=ZAP&qid=1701867726&ref=sr_nr_p_72_3&rh=p_72%3A2661620011&rnid=2661617011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AiZCunxarHdwKSUxjmUjqhaddqL9uXJe1Z72Roe%2BmcVY&k=ZAP&qid=1701867726&ref=sr_nr_p_72_4&rh=p_72%3A2661621011&rnid=2661617011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Aj8puxO0oy%2FGawj%2FmWFlf9y3TMbdwSH6VTItIe6xBlLw&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_three_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_three_browse-bin%3A116624670011&rnid=116623717011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ak2x2B5%2FPbUY3SdCV%2F1UvaNsUmRunD0PPx7Q1c61Gung&k=ZAP&qid=1701867726&ref=sr_nr_p_36_4&rh=n%3A2972638011%2Cp_36%3A2661615011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AlqYbcZALOVGXWSl080MnUWXsxFJIhrYnn3ovkyIP%2BTE&k=ZAP&qid=1701867726&ref=sr_nr_n_2&rh=n%3A2625373011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ALVQLAHCecwjxfLgrctm3Wgujr%2BYp6xiUGIEBdQ2VTuc&k=ZAP&qid=1701867726&ref=sr_nr_p_72_1&rh=p_72%3A2661618011&rnid=2661617011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "dc" "i" "k" "qid" "ref" "rh" "rnid" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "dc" "high-price" "i" "k" "low-price" "qid" "ref" "rh" "rnid" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AMPk1Axx7H3xe85ZYUl16%2B36IbpwqDvdhLSCh93XikfQ&k=ZAP&qid=1701867726&ref=sr_nr_p_n_date_first_available_absolute_1&rh=n%3A2972638011%2Cp_n_date_first_available_absolute%3A2661609011&rnid=2661608011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AmQlpkGxEtH%2BGPX%2FFgthYt7jlu8EmzymK%2FbBMCB%2FWY90&k=ZAP&qid=1701867726&ref=sr_nr_n_1&rh=n%3A3738021&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AN2y66%2BjGnwLPLT9Ad%2BUnyZB%2FKps1hzMH6SBRGmwZF%2B4&k=ZAP&qid=1701867726&ref=sr_nr_p_36_1&rh=n%3A2972638011%2Cp_36%3A2661612011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AO%2B1glBJ6PwcMM8lxLfbM2uHUBJepAKX0qX4W28A9ljA&k=ZAP&qid=1701867726&ref=sr_nr_p_n_deal_type_1&rh=p_n_deal_type%3A23566065011&rnid=23566063011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AOIBjDd7i2iZ4Q1LgiAGExL%2BNbT9qF7db2T6cCPGfHA0&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_2&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624667011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AOWy6AIfDqMbYmFIk9qKX3Zu8x7CduUIZkBJpcrXpiGA&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_twenty_browse-bin_3&rh=n%3A2972638011%2Cp_n_feature_twenty_browse-bin%3A2972992011&rnid=2972980011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AP4ZYziMF29gHf0wFsf8JQ0iT2Qa2v0IbDdFEYUT6oms&k=ZAP&qid=1701867726&ref=sr_nr_p_89_2&rh=n%3A2972638011%2Cp_89%3AAMUFER&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AP9Y1DGUekhwZJEj5l4M%2BDeMqHbtOcbH4OlJJq%2BLMkZs&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_twenty_browse-bin_5&rh=n%3A2972638011%2Cp_n_feature_twenty_browse-bin%3A2972983011&rnid=2972980011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ApF%2Fam6Ycg%2BXg69FChSeHZARGZCjZ7%2BHOj7nL%2FRgx1TU&k=ZAP&qid=1701867726&ref=sr_nr_n_8&rh=n%3A3737901&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AQgf545ZuA2jEc1bxVS3yR7eKXMWFs069s7I7wrdkk9w&k=ZAP&qid=1701867726&ref=sr_nr_p_36_3&rh=n%3A2972638011%2Cp_36%3A2661614011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AqsV428nc0lCi%2BF4WKVuvZWHSeZPKaliyKi9CvFlUXe4&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_browse-bin_2&rh=n%3A3738021%2Cp_n_feature_browse-bin%3A116624661011&rnid=116623715011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArfSTulZPqfJAHvdysD9XF1SMxq%2BdLm0bJr28LYz0ym8&k=ZAP&qid=1701867726&ref=sr_nr_p_89_3&rh=n%3A2972638011%2Cp_89%3AMosiller&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "dc" "i" "k" "qid" "ref" "rh" "rnid" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Atz301C2BNRRhzs%2FXdAaNoYRM4gLlE71cHOmZcxKi3Eg&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_twenty_browse-bin_1&rh=n%3A2972638011%2Cp_n_feature_twenty_browse-bin%3A2972982011&rnid=2972980011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AUfZokyaknMPMTqRPrIDdfcpFrnToD5OBpVaKPvp8pW0&k=ZAP&qid=1701867726&ref=sr_nr_p_n_date_first_available_absolute_2&rh=n%3A2972638011%2Cp_n_date_first_available_absolute%3A2661610011&rnid=2661608011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AuJO0zldyeQF3qbBEzLRc0ujBz906IUjSBK0FN37qyeY&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_browse-bin_3&rh=n%3A3738021%2Cp_n_feature_browse-bin%3A116624663011&rnid=116623715011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AvgHZh9iFYqLIsprMnQZFaHLY0IP2Y092OCgmWPpZJwI&k=ZAP&qid=1701867726&ref=sr_nr_p_n_deal_type_2&rh=p_n_deal_type%3A23566064011&rnid=23566063011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AvZJmqOwpJGP5PtQR60%2FsfDe7qBWbpC9yXgGk%2FfaAcVQ&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_twenty_browse-bin_6&rh=n%3A2972638011%2Cp_n_feature_twenty_browse-bin%3A2972990011&rnid=2972980011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AW7I0E02CY0iCYRkycCLENS8sgA1Evgv%2FqmnjoDkZaJY&k=ZAP&qid=1701867726&ref=sr_nr_n_6&rh=n%3A13398611&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AWcj9ZdCeQuRX3AY2wUotx85egurfOmXy1USjFddsNgs&k=ZAP&qid=1701867726&ref=sr_nr_p_n_condition-type_1&rh=n%3A2972638011%2Cp_n_condition-type%3A6358196011&rnid=6358194011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Awp%2BGwDVLpOrgR5aIprd9KEZPBSBdSgy7Lbowk3eiaAo&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_browse-bin_1&rh=n%3A3738021%2Cp_n_feature_browse-bin%3A116624664011&rnid=116623715011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AwwhK4KmVli9s9YcgOcWqpFCNe8HXnkoBs9PJQY3P5ac&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_three_browse-bin_2&rh=n%3A3738021%2Cp_n_feature_three_browse-bin%3A116624671011&rnid=116623717011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AxfgPZmrOdMQ94WkDNM%2FSkEnghyIQYK4pqckhjNuH6Mc&k=ZAP&qid=1701867726&ref=sr_nr_p_72_2&rh=p_72%3A2661619011&rnid=2661617011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "dc" "i" "k" "qid" "ref" "rh" "rnid" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AzZWXMddzJwQeYrpboa2zgI%2Fs0lCN%2FJgMLPP5%2FdU61m8&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_3&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624665011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_500_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "k" "qid" "ref" ]. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "high-price" "k" "low-price" "qid" "ref" "rnid" ]. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/s?k=ZAP&page=2&qid=1701867726&ref=sr_pg_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=ZAP&page=2&qid=1701867726&ref=sr_pg_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=ZAP&page=3&qid=1701867726&ref=sr_pg_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+animal+collar&ref=sr_nr_p_cosmo_multi_pt_8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+battery&ref=sr_nr_p_cosmo_multi_pt_11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+bonding+adhesive&ref=sr_nr_p_cosmo_multi_pt_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "k" "qid" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "high-price" "k" "low-price" "qid" "ref" "rnid" ]. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ue_back" ]. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "k" "qid" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/s?k=zap+charging+adapter&ref=sr_nr_p_cosmo_multi_pt_15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+cleaning+agent&ref=sr_nr_p_cosmo_multi_pt_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+digital+movie&ref=sr_nr_p_cosmo_multi_pt_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+drain+opener+substance&ref=sr_nr_p_cosmo_multi_pt_14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+electromechanical+switch&ref=sr_nr_p_cosmo_multi_pt_13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+flashlight&ref=sr_nr_p_cosmo_multi_pt_10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+medication&ref=sr_nr_p_cosmo_multi_pt_16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+pest+control+device&ref=sr_nr_p_cosmo_multi_pt_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+remote+control&ref=sr_nr_p_cosmo_multi_pt_7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+skin+moisturizer&ref=sr_nr_p_cosmo_multi_pt_12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+sport+board+%26+ski&ref=sr_nr_p_cosmo_multi_pt_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+towel&ref=sr_nr_p_cosmo_multi_pt_9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+toy+gun&ref=sr_nr_p_cosmo_multi_pt_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/s" class="aok-inline-block a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "k" "qid" "ref" ]. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/s?k=zap+watch&ref=sr_nr_p_cosmo_multi_pt_18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/Seiddons-Christmas-Velvet-Unisex-Clause/dp/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Shark-AV2501S-Self-Empty-Navigation-UltraClean/dp/B09H8CWFNK/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H8CWFNK&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ShiZap-Energized-Stacking-Block-Game/dp/B08HCHDPK2/ref=sr_1_39?keywords=ZAP&qid=1701867726&sr=8-39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Simply-Calphalon-Nonstick-Cookware-SA10H/dp/B001AS94TY/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B001AS94TY&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery-ebook/dp/B09RC2SQ5K/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/0999820079/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/0999820095/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/B09VLGT12H/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Soundcore-Cancelling-Headphones-Wireless-Bluetooth/dp/B07NM3RSRQ/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0819LK85F&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ss/customer-reviews/lighthouse/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ss/twister/ajax |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="b" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "f" "g" ]. |
| URL | https://www.amazon.com/The-Zip-Zap-No-Small-Parts/dp/B0CBD6M8X5/ref=sr_1_42?keywords=ZAP&qid=1701867726&sr=8-42 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="gr-tag-modal-create-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "gr-tag-modal-name-input" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/gp/cart/view.html/ref=1_cart" class="a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=pd_bxgy_crt?_encoding=UTF8&pd_rd_w=HS8xW&content-id=amzn1.sym.839d7715-b862-4989-8f65-c6f9502d15f9&pf_rd_p=839d7715-b862-4989-8f65-c6f9502d15f9&pf_rd_r=P3DR0G98WX3Y8XEF2WGQ&pd_rd_wg=vkWiJ&pd_rd_r=124c8189-cc25-460b-a52c-46bf175255fc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="/wedding/search" class="wedding-find-stripe__form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "nameOrEmail" "ref_" ]. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="/wedding/search" class="wedding-find-stripe__form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "nameOrEmail" "ref_" ]. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="/wedding/search" class="wedding-find-stripe__form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "nameOrEmail" "ref_" ]. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="wr-search-search-form" method="get" action="/wedding/search?ref_=hit_wr_cr_search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "nameOrEmail" ]. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="wr-search-search-form" method="get" action="/wedding/search?ref_=hit_wr_cr_search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "nameOrEmail" ]. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/ZAP-Black-Large-Twin-Zapper/dp/B08GXVGZZZ/ref=sr_1_15?keywords=ZAP&qid=1701867726&sr=8-15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Blue-Medium-Twin-Zapper/dp/B08GWZ3LVQ/ref=sr_1_24?keywords=ZAP&qid=1701867726&sr=8-24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Blue-Mini-Twin-Zapper/dp/B08GXB6Y9Z/ref=sr_1_45?keywords=ZAP&qid=1701867726&sr=8-45 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Battery-Mosquito/dp/B07KZ8TXWQ/ref=sr_1_14?keywords=ZAP&qid=1701867726&sr=8-14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Battery-Mosquito/dp/B07KZQKWVP/ref=sr_1_16?keywords=ZAP&qid=1701867726&sr=8-16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Rechargeable-Attractant/dp/B085HLLHL1/ref=sr_1_11?keywords=ZAP&qid=1701867726&sr=8-11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Cloth-Streak-Free-Cloths/dp/B00JOQWPNG/ref=sr_1_54?keywords=ZAP&qid=1701867726&sr=8-54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Electric-Indoor-Zapper-Mosquito/dp/B088QS5VGJ/ref=sr_1_22?keywords=ZAP&qid=1701867726&sr=8-22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Electric-Outdoor-Waterproof-Mosquito/dp/B088QSKG8S/ref=sr_1_30?keywords=ZAP&qid=1701867726&sr=8-30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Formaldehyde-Brazilian-Treatment-Progressive/dp/B0BL437FFW/ref=sr_1_32?keywords=ZAP&qid=1701867726&sr=8-32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Justin-J-Wheeler/dp/B085K7PHB3/ref=sr_1_58?keywords=ZAP&qid=1701867726&sr=8-58 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Kara-Camden/dp/B01DUIN9TC/ref=sr_1_12?keywords=ZAP&qid=1701867726&sr=8-12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Martha-Freeman-ebook/dp/B074ZN2L3N/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Martha-Freeman/dp/1534405577/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Martha-Freeman/dp/1534405585/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Play-Paul-Fleischman-ebook/dp/B011S7489W/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Play-Paul-Fleischman/dp/0763627747/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Play-Revised-Paul-Fleischman/dp/0763680133/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Progressive-Brush-Long-lasting-Straightening/dp/B07SSHX3BM/ref=sr_1_8?keywords=ZAP&qid=1701867726&sr=8-8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/ZAP-Zapper-Large-Twin-Pack/dp/B07GN4JZL8/ref=sr_1_10?keywords=ZAP&qid=1701867726&sr=8-10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zap-Zapper-Racket-4000V-Rechargeable/dp/B06WW6831F/ref=sr_1_5?keywords=ZAP&qid=1701867726&sr=8-5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zapped-Zendaya/dp/B00MKKCVGO/ref=sr_1_34?keywords=ZAP&qid=1701867726&sr=8-34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="twister" method="get" action="/gp/product" class="a-spacing-small"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "ASIN" "dummySubmitButton" "twisterDimKeys" "twisterNonJs" ]. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="" autocomplete="off" class="aok-hidden all-offers-display-params"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "all-offers-display-params" "all-offers-display-reload-param" ]. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=pd_bxgy_crt?_encoding=UTF8&pd_rd_w=FNKd0&content-id=amzn1.sym.839d7715-b862-4989-8f65-c6f9502d15f9&pf_rd_p=839d7715-b862-4989-8f65-c6f9502d15f9&pf_rd_r=73FRJ0K9NJEWYP2DSF6V&pd_rd_wg=zVAK0&pd_rd_r=8ef76853-3618-4ca7-a634-7ed1488d1f45" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "ue_back" ]. |
| URL | https://www.amazon.com/Zezo-Fiber-Zap-Cloth-10-Cloths/dp/B01CH150VS/ref=sr_1_9?keywords=ZAP&qid=1701867726&sr=8-9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.amazon.com/Zipi-Zape-Isla-del-Capit%C3%A1n/dp/B09ZKMWZ25/ref=sr_1_37?keywords=ZAP&qid=1701867726&sr=8-37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="get" action="/errors/validateCaptcha" name=""> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "amzn" "amzn-r" "captchacharacters" ]. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="/search" autocomplete="off" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnI" "btnK" "ei" "iflsig" "sca_esv" "source" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_8?_encoding=UTF8&pd_rd_i=B09FP6WDSK&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "items[8.base][asin]" "items[8.base][offerListingId]" "items[8.base][quantity]" "quantity.B09FP6WDSK" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_0?_encoding=UTF8&pd_rd_i=B0BN5XVFXG&pd_rd_w=VpWv4&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_1?_encoding=UTF8&pd_rd_i=B09ZNTCKC7&pd_rd_w=VpWv4&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_0?_encoding=UTF8&pd_rd_i=B07DP8TSFT&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_1?_encoding=UTF8&pd_rd_i=B0747WDVCL&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 14: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_2?_encoding=UTF8&pd_rd_i=B0164L0Z9O&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 15: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_3?_encoding=UTF8&pd_rd_i=B00OCGUG02&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 16: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_4?_encoding=UTF8&pd_rd_i=B07JPYYMLK&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 17: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_5?_encoding=UTF8&pd_rd_i=B07YCDV31V&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 18: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_6?_encoding=UTF8&pd_rd_i=B07XQM9ZT6&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 19: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_7?_encoding=UTF8&pd_rd_i=B0C7TQF43J&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 20: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_8?_encoding=UTF8&pd_rd_i=B07S3XQFBS&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 21: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_9?_encoding=UTF8&pd_rd_i=B07W9765QW&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 22: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_10?_encoding=UTF8&pd_rd_i=B08B4KYKJZ&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 23: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_11?_encoding=UTF8&pd_rd_i=B094YMHBVW&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 24: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_12?_encoding=UTF8&pd_rd_i=B0BKFHD3VY&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 25: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_13?_encoding=UTF8&pd_rd_i=B07RG7DDW6&pd_rd_w=oGmUZ&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 26: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 27: "ue_back" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="sw-ptc-form" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sw_proceed?proceedToCheckout=1&oldCustomerId=0&sessionID=147-4280155-9611859&useDefaultCart=1" class="a-spacing-none a-spacing-top-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_1?_encoding=UTF8&pd_rd_i=B07Y8FLNHZ&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "quantity.B07Y8FLNHZ" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_2?_encoding=UTF8&pd_rd_i=B0BDYYR7GV&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "quantity.B0BDYYR7GV" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_3?_encoding=UTF8&pd_rd_i=B07FX31L5K&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "items[3.base][asin]" "items[3.base][offerListingId]" "items[3.base][quantity]" "quantity.B07FX31L5K" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_4?_encoding=UTF8&pd_rd_i=B07G44K67L&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "items[4.base][asin]" "items[4.base][offerListingId]" "items[4.base][quantity]" "quantity.B07G44K67L" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_5?_encoding=UTF8&pd_rd_i=B07JHM5P8Q&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "items[5.base][asin]" "items[5.base][offerListingId]" "items[5.base][quantity]" "quantity.B07JHM5P8Q" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_6?_encoding=UTF8&pd_rd_i=B0CJR3VFFH&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "items[6.base][asin]" "items[6.base][offerListingId]" "items[6.base][quantity]" "quantity.B0CJR3VFFH" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_7?_encoding=UTF8&pd_rd_i=B07Z4G36M2&pd_rd_w=rbz6v&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=R8CFMWQEREGTDVATVKA8&pd_rd_wg=n56oK&pd_rd_r=18d0b52e-a612-43cc-8763-ccc0fd4fd2a5" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "items[7.base][asin]" "items[7.base][offerListingId]" "items[7.base][quantity]" "quantity.B07Z4G36M2" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_8?_encoding=UTF8&pd_rd_i=B01HS3JOFS&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "items[8.base][asin]" "items[8.base][offerListingId]" "items[8.base][quantity]" "quantity.B01HS3JOFS" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_0?_encoding=UTF8&pd_rd_i=B00489KLB2&pd_rd_w=pvB0p&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_1?_encoding=UTF8&pd_rd_i=B08X1JKSQ8&pd_rd_w=pvB0p&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_2?_encoding=UTF8&pd_rd_i=B005DS4WCG&pd_rd_w=pvB0p&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_3?_encoding=UTF8&pd_rd_i=B00LNG91UU&pd_rd_w=pvB0p&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 14: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_4?_encoding=UTF8&pd_rd_i=B0BHZRKBLN&pd_rd_w=pvB0p&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 15: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_5?_encoding=UTF8&pd_rd_i=B002M0H7XO&pd_rd_w=pvB0p&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 16: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_0?_encoding=UTF8&pd_rd_i=B07MHJFRBJ&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 17: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_1?_encoding=UTF8&pd_rd_i=B079VP6DH5&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 18: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_2?_encoding=UTF8&pd_rd_i=B074CR89QG&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 19: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_3?_encoding=UTF8&pd_rd_i=B00S93EQUK&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 20: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_4?_encoding=UTF8&pd_rd_i=B0932M1666&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 21: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_5?_encoding=UTF8&pd_rd_i=B0016HF5GK&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 22: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_8?_encoding=UTF8&pd_rd_i=B0748J34WZ&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 23: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_9?_encoding=UTF8&pd_rd_i=B09BWFX1L6&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 24: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_10?_encoding=UTF8&pd_rd_i=B01LYNW421&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 25: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_11?_encoding=UTF8&pd_rd_i=B079VP6DH6&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 26: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_12?_encoding=UTF8&pd_rd_i=B00WSWGVZQ&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 27: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_13?_encoding=UTF8&pd_rd_i=B00FQT4LX2&pd_rd_w=0tRm5&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 28: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_0?_encoding=UTF8&pd_rd_i=B0894GLLR8&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 29: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="sw-ptc-form" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sw_proceed?proceedToCheckout=1&oldCustomerId=0&sessionID=147-4280155-9611859&useDefaultCart=1" class="a-spacing-none a-spacing-top-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_1?_encoding=UTF8&pd_rd_i=B00AY1LSHY&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 30: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_2?_encoding=UTF8&pd_rd_i=B0B2KPH2JJ&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 31: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_3?_encoding=UTF8&pd_rd_i=B07JQCLHV2&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 32: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_4?_encoding=UTF8&pd_rd_i=B0BZTRG1K7&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 33: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_6?_encoding=UTF8&pd_rd_i=B09QY855R3&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 34: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_7?_encoding=UTF8&pd_rd_i=B08SBNKXWX&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 35: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_8?_encoding=UTF8&pd_rd_i=B01MZ2WUCA&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 36: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_9?_encoding=UTF8&pd_rd_i=B06Y5XD1NP&pd_rd_w=mP02C&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 37: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 38: "ue_back" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_1?_encoding=UTF8&pd_rd_i=B07KFZFKLT&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "quantity.B07KFZFKLT" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_2?_encoding=UTF8&pd_rd_i=B07QML4C7B&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "quantity.B07QML4C7B" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_3?_encoding=UTF8&pd_rd_i=B09SP5X1Q8&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "items[3.base][asin]" "items[3.base][offerListingId]" "items[3.base][quantity]" "quantity.B09SP5X1Q8" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_4?_encoding=UTF8&pd_rd_i=B01DQET5VG&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "items[4.base][asin]" "items[4.base][offerListingId]" "items[4.base][quantity]" "quantity.B01DQET5VG" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_5?_encoding=UTF8&pd_rd_i=B0C3HJ37MT&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "items[5.base][asin]" "items[5.base][offerListingId]" "items[5.base][quantity]" "quantity.B0C3HJ37MT" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_6?_encoding=UTF8&pd_rd_i=B07WSBPCTF&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "items[6.base][asin]" "items[6.base][offerListingId]" "items[6.base][quantity]" "quantity.B07WSBPCTF" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_7?_encoding=UTF8&pd_rd_i=B083LQMD65&pd_rd_w=iK7oT&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=MCBS0QKV451BS2QZZ931&pd_rd_wg=kGlWR&pd_rd_r=80dd94be-7c69-4d10-bf44-753429558aed" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "items[7.base][asin]" "items[7.base][offerListingId]" "items[7.base][quantity]" "quantity.B083LQMD65" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_attach_percolate_post_atc_4?_encoding=UTF8&pd_rd_i=B000HX0K64&pd_rd_w=UUsqp&content-id=amzn1.sym.f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_p=f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_attach_percolate_post_atc_5?_encoding=UTF8&pd_rd_i=B07K82GRDV&pd_rd_w=UUsqp&content-id=amzn1.sym.f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_p=f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_attach_percolate_post_atc_6?_encoding=UTF8&pd_rd_i=B0009V1WP2&pd_rd_w=UUsqp&content-id=amzn1.sym.f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_p=f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_attach_percolate_post_atc_7?_encoding=UTF8&pd_rd_i=B000ONVJ2G&pd_rd_w=UUsqp&content-id=amzn1.sym.f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_p=f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_attach_percolate_post_atc_8?_encoding=UTF8&pd_rd_i=B000FKEZ3S&pd_rd_w=UUsqp&content-id=amzn1.sym.f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_p=f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 14: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_0?_encoding=UTF8&pd_rd_i=B07T3F6JST&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 15: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_1?_encoding=UTF8&pd_rd_i=B087S9KSY9&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 16: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_2?_encoding=UTF8&pd_rd_i=B08TJTB8XS&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 17: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_3?_encoding=UTF8&pd_rd_i=B0BVGPHJQ6&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 18: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_5?_encoding=UTF8&pd_rd_i=B0B6WSWZPW&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 19: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_6?_encoding=UTF8&pd_rd_i=B08TJTBSGP&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 20: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_7?_encoding=UTF8&pd_rd_i=B09CMNV65T&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 21: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_8?_encoding=UTF8&pd_rd_i=B01CTBI5CC&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 22: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_9?_encoding=UTF8&pd_rd_i=B0BPTNX2Z1&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 23: "anti-csrftoken-a2z" "clientName" "items[9.base][asin]" "items[9.base][offerListingId]" "items[9.base][quantity]" "quantity.B0BPTNX2Z1" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_10?_encoding=UTF8&pd_rd_i=B08ZGX6L8M&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 24: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_11?_encoding=UTF8&pd_rd_i=B00AU6D24U&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 25: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_12?_encoding=UTF8&pd_rd_i=B098KP41P7&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 26: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_13?_encoding=UTF8&pd_rd_i=B08Z263BK4&pd_rd_w=6z3r7&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 27: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_0?_encoding=UTF8&pd_rd_i=B07S57PQSM&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 28: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_2?_encoding=UTF8&pd_rd_i=B00004Y8CQ&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 29: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="sw-ptc-form" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sw_proceed?proceedToCheckout=1&oldCustomerId=0&sessionID=147-4280155-9611859&useDefaultCart=1" class="a-spacing-none a-spacing-top-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_3?_encoding=UTF8&pd_rd_i=B07FL6J8LV&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 30: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_5?_encoding=UTF8&pd_rd_i=B00NTCH52W&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 31: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_6?_encoding=UTF8&pd_rd_i=B00480BUZW&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 32: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_7?_encoding=UTF8&pd_rd_i=B07CM7PJQB&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 33: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_8?_encoding=UTF8&pd_rd_i=B08RJ72Z1S&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 34: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_9?_encoding=UTF8&pd_rd_i=B07Y9FR3R1&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 35: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_11?_encoding=UTF8&pd_rd_i=B08GQDYT3W&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 36: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_13?_encoding=UTF8&pd_rd_i=B077N9PXV3&pd_rd_w=2PxPH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 37: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 38: "ue_back" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_1?_encoding=UTF8&pd_rd_i=B071FRZRY4&pd_rd_w=9CPQq&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "quantity.B071FRZRY4" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_2?_encoding=UTF8&pd_rd_i=B0CDGT2BSL&pd_rd_w=9CPQq&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "quantity.B0CDGT2BSL" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_4?_encoding=UTF8&pd_rd_i=B07Z8RYFS3&pd_rd_w=9CPQq&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "items[4.base][asin]" "items[4.base][offerListingId]" "items[4.base][quantity]" "quantity.B07Z8RYFS3" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_6?_encoding=UTF8&pd_rd_i=B07TKMYP5C&pd_rd_w=9CPQq&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "items[6.base][asin]" "items[6.base][offerListingId]" "items[6.base][quantity]" "quantity.B07TKMYP5C" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_7?_encoding=UTF8&pd_rd_i=B0C2D6WQ57&pd_rd_w=9CPQq&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "items[7.base][asin]" "items[7.base][offerListingId]" "items[7.base][quantity]" "quantity.B0C2D6WQ57" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_8?_encoding=UTF8&pd_rd_i=B0B2X2ZR3N&pd_rd_w=9CPQq&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "items[8.base][asin]" "items[8.base][offerListingId]" "items[8.base][quantity]" "quantity.B0B2X2ZR3N" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_attach_percolate_post_atc_3?_encoding=UTF8&pd_rd_i=B009JTW84Y&pd_rd_w=UUsqp&content-id=amzn1.sym.f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_p=f2b77444-53bc-4782-bbab-9153f9d5fe67&pf_rd_r=TD43EFS0K5KJD2Q1Y5A1&pd_rd_wg=ekgqQ&pd_rd_r=3c772d4e-07bc-484b-9416-5204f192dc93" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_0?_encoding=UTF8&pd_rd_i=B07DP8TSFT&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_1?_encoding=UTF8&pd_rd_i=B0747WDVCL&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_2?_encoding=UTF8&pd_rd_i=B0164L0Z9O&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_3?_encoding=UTF8&pd_rd_i=B00OCGUG02&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_4?_encoding=UTF8&pd_rd_i=B07JPYYMLK&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 14: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_5?_encoding=UTF8&pd_rd_i=B07YCDV31V&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 15: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_6?_encoding=UTF8&pd_rd_i=B07XQM9ZT6&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 16: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_7?_encoding=UTF8&pd_rd_i=B0C7TQF43J&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 17: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_8?_encoding=UTF8&pd_rd_i=B07S3XQFBS&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 18: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_9?_encoding=UTF8&pd_rd_i=B07W9765QW&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 19: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_10?_encoding=UTF8&pd_rd_i=B08B4KYKJZ&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 20: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_11?_encoding=UTF8&pd_rd_i=B094YMHBVW&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 21: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_12?_encoding=UTF8&pd_rd_i=B0BKFHD3VY&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 22: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_ts_crc_13?_encoding=UTF8&pd_rd_i=B07RG7DDW6&pd_rd_w=S6x83&content-id=amzn1.sym.741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_p=741b49a5-61ad-4bfc-a7d5-0d8dd5d6f665&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 23: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 24: "ue_back" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="sw-ptc-form" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sw_proceed?proceedToCheckout=1&oldCustomerId=0&sessionID=147-4280155-9611859&useDefaultCart=1" class="a-spacing-none a-spacing-top-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_1?_encoding=UTF8&pd_rd_i=B07FX31L5K&pd_rd_w=aU1qf&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "quantity.B07FX31L5K" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_2?_encoding=UTF8&pd_rd_i=B07G44K67L&pd_rd_w=aU1qf&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "quantity.B07G44K67L" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_4?_encoding=UTF8&pd_rd_i=B07VQG1G1K&pd_rd_w=aU1qf&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "items[4.base][asin]" "items[4.base][offerListingId]" "items[4.base][quantity]" "quantity.B07VQG1G1K" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_6?_encoding=UTF8&pd_rd_i=B07X8M4B43&pd_rd_w=aU1qf&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "items[6.base][asin]" "items[6.base][offerListingId]" "items[6.base][quantity]" "quantity.B07X8M4B43" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_8?_encoding=UTF8&pd_rd_i=B07XFRDN98&pd_rd_w=aU1qf&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "items[8.base][asin]" "items[8.base][offerListingId]" "items[8.base][quantity]" "quantity.B07XFRDN98" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_0?_encoding=UTF8&pd_rd_i=B0BJCVXMB6&pd_rd_w=XngyO&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_1?_encoding=UTF8&pd_rd_i=B07H3ZVMNP&pd_rd_w=XngyO&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=F9CZ0PH4S2GENS3B4EX3&pd_rd_wg=vOwTT&pd_rd_r=f2da3fd0-2a6d-4c54-9fae-819e13b40f66" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_5_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" "ref" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_8?_encoding=UTF8&pd_rd_i=B0CC62ZG1M&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "items[8.base][asin]" "items[8.base][offerListingId]" "items[8.base][quantity]" "quantity.B0CC62ZG1M" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_0?_encoding=UTF8&pd_rd_i=B0BLD393H7&pd_rd_w=LWwKW&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_huc_vtph_1?_encoding=UTF8&pd_rd_i=B08Q1RN311&pd_rd_w=LWwKW&content-id=amzn1.sym.8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_p=8994214a-098f-45c0-a54e-267bbf2a8b40&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_0?_encoding=UTF8&pd_rd_i=B09YRMQ698&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_1?_encoding=UTF8&pd_rd_i=B0B7NV73PJ&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 14: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_3?_encoding=UTF8&pd_rd_i=B0B1PXRM8F&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 15: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_4?_encoding=UTF8&pd_rd_i=B0932DNRD5&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 16: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_5?_encoding=UTF8&pd_rd_i=B00R25GJJW&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 17: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_6?_encoding=UTF8&pd_rd_i=B00V5ZJRNU&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 18: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_7?_encoding=UTF8&pd_rd_i=B0989PYV9P&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 19: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_8?_encoding=UTF8&pd_rd_i=B09WRFJYLF&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 20: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_9?_encoding=UTF8&pd_rd_i=B07PHCVSSS&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 21: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_12?_encoding=UTF8&pd_rd_i=B09NBQ4K87&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 22: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_13?_encoding=UTF8&pd_rd_i=B09QKF2M2S&pd_rd_w=RDdWM&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 23: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_hashrec_0?_encoding=UTF8&pd_rd_i=B08GYKNCCP&pd_rd_w=QHnTd&content-id=amzn1.sym.e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_p=e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 24: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_hashrec_3?_encoding=UTF8&pd_rd_i=B09LYLJD2Q&pd_rd_w=QHnTd&content-id=amzn1.sym.e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_p=e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 25: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_hashrec_6?_encoding=UTF8&pd_rd_i=B0C9K5VLH7&pd_rd_w=QHnTd&content-id=amzn1.sym.e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_p=e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 26: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_hashrec_7?_encoding=UTF8&pd_rd_i=B088R1FDP2&pd_rd_w=QHnTd&content-id=amzn1.sym.e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_p=e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 27: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_hashrec_10?_encoding=UTF8&pd_rd_i=B0C9DQCJ54&pd_rd_w=QHnTd&content-id=amzn1.sym.e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_p=e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 28: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_hashrec_11?_encoding=UTF8&pd_rd_i=B079DY1H33&pd_rd_w=QHnTd&content-id=amzn1.sym.e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_p=e7263ff0-e765-43b7-bfc1-357aef0e8fbb&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 29: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="sw-ptc-form" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sw_proceed?proceedToCheckout=1&oldCustomerId=0&sessionID=147-4280155-9611859&useDefaultCart=1" class="a-spacing-none a-spacing-top-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 30: "ue_back" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_1?_encoding=UTF8&pd_rd_i=B0C7W3KTJ3&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "quantity.B0C7W3KTJ3" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_2?_encoding=UTF8&pd_rd_i=B0CH7Q92J8&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "quantity.B0CH7Q92J8" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_3?_encoding=UTF8&pd_rd_i=B0CHDSGLCF&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "items[3.base][asin]" "items[3.base][offerListingId]" "items[3.base][quantity]" "quantity.B0CHDSGLCF" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_4?_encoding=UTF8&pd_rd_i=B09WC99KRR&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "items[4.base][asin]" "items[4.base][offerListingId]" "items[4.base][quantity]" "quantity.B09WC99KRR" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_5?_encoding=UTF8&pd_rd_i=B0BN8PZP3B&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "items[5.base][asin]" "items[5.base][offerListingId]" "items[5.base][quantity]" "quantity.B0BN8PZP3B" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_6?_encoding=UTF8&pd_rd_i=B0CN3R4ZW7&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "items[6.base][asin]" "items[6.base][offerListingId]" "items[6.base][quantity]" "quantity.B0CN3R4ZW7" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_7?_encoding=UTF8&pd_rd_i=B0CN52W9PV&pd_rd_w=da75G&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=A53X08YWW1N5KP7BJ1TV&pd_rd_wg=TGuq2&pd_rd_r=45b22a2f-250a-4824-8bd6-d461cd6e064e" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "items[7.base][asin]" "items[7.base][offerListingId]" "items[7.base][quantity]" "quantity.B0CN52W9PV" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_2?_encoding=UTF8&pd_rd_i=B0B1PXRM8F&pd_rd_w=kzYqI&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_3?_encoding=UTF8&pd_rd_i=B07CZNJYC3&pd_rd_w=kzYqI&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_4?_encoding=UTF8&pd_rd_i=B003JJW5P2&pd_rd_w=kzYqI&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_5?_encoding=UTF8&pd_rd_i=B08GYKNCCP&pd_rd_w=kzYqI&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_10?_encoding=UTF8&pd_rd_i=B012WAQVYE&pd_rd_w=kzYqI&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 14: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_rtpb_13?_encoding=UTF8&pd_rd_i=B0989PYV9P&pd_rd_w=kzYqI&content-id=amzn1.sym.3340d052-1640-41a0-861c-fef2de394586&pf_rd_p=3340d052-1640-41a0-861c-fef2de394586&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 15: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_cps_0?_encoding=UTF8&pd_rd_i=B01EU9TK3O&pd_rd_w=3htzN&content-id=amzn1.sym.f17ff023-7920-4da7-a998-f259b01180bc&pf_rd_p=f17ff023-7920-4da7-a998-f259b01180bc&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 16: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_cps_1?_encoding=UTF8&pd_rd_i=B00CIQTZXC&pd_rd_w=3htzN&content-id=amzn1.sym.f17ff023-7920-4da7-a998-f259b01180bc&pf_rd_p=f17ff023-7920-4da7-a998-f259b01180bc&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 17: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_ewc_fbt_1?_encoding=UTF8&pd_rd_i=B089BVTB6J&pd_rd_w=MAj7i&content-id=amzn1.sym.38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_p=38487190-8d5e-4a51-a5fb-ff1dd87ce511&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 18: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 19: "ue_back" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="sw-ptc-form" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sw_proceed?proceedToCheckout=1&oldCustomerId=0&sessionID=147-4280155-9611859&useDefaultCart=1" class="a-spacing-none a-spacing-top-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_0?_encoding=UTF8&pd_rd_i=B078XLCMRD&pd_rd_w=6hbxM&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "quantity.B078XLCMRD" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_1?_encoding=UTF8&pd_rd_i=B07S3RRFF6&pd_rd_w=6hbxM&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "quantity.B07S3RRFF6" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_4?_encoding=UTF8&pd_rd_i=B00M9VXF50&pd_rd_w=6hbxM&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "items[4.base][asin]" "items[4.base][offerListingId]" "items[4.base][quantity]" "quantity.B00M9VXF50" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_5?_encoding=UTF8&pd_rd_i=B07FRBK1YB&pd_rd_w=6hbxM&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "items[5.base][asin]" "items[5.base][offerListingId]" "items[5.base][quantity]" "quantity.B07FRBK1YB" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_6?_encoding=UTF8&pd_rd_i=B0BY4F3DQ6&pd_rd_w=6hbxM&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "items[6.base][asin]" "items[6.base][offerListingId]" "items[6.base][quantity]" "quantity.B0BY4F3DQ6" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_7?_encoding=UTF8&pd_rd_i=B00OPWAMQ6&pd_rd_w=6hbxM&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "items[7.base][asin]" "items[7.base][offerListingId]" "items[7.base][quantity]" "quantity.B00OPWAMQ6" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_8?_encoding=UTF8&pd_rd_i=B010L610EC&pd_rd_w=6hbxM&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=0J49MH73DW4E4CWZ9VNQ&pd_rd_wg=wc5f6&pd_rd_r=dc3c0090-b9e6-44f3-beeb-7b011a51b1d7" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "items[8.base][asin]" "items[8.base][offerListingId]" "items[8.base][quantity]" "quantity.B010L610EC" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_top_sim_0?_encoding=UTF8&pd_rd_i=B0B1PXRM8F&pd_rd_w=KdYND&content-id=amzn1.sym.f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_p=f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_top_sim_1?_encoding=UTF8&pd_rd_i=B08GYKNCCP&pd_rd_w=KdYND&content-id=amzn1.sym.f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_p=f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_top_sim_4?_encoding=UTF8&pd_rd_i=B09WRFJYLF&pd_rd_w=KdYND&content-id=amzn1.sym.f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_p=f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_top_sim_6?_encoding=UTF8&pd_rd_i=B0BFJCMQNV&pd_rd_w=KdYND&content-id=amzn1.sym.f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_p=f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_top_sim_7?_encoding=UTF8&pd_rd_i=B09NBQ4K87&pd_rd_w=KdYND&content-id=amzn1.sym.f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_p=f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 14: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_top_sim_8?_encoding=UTF8&pd_rd_i=B09QKF2M2S&pd_rd_w=KdYND&content-id=amzn1.sym.f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_p=f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 15: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_crh_rh_top_sim_12?_encoding=UTF8&pd_rd_i=B0C9K5VLH7&pd_rd_w=KdYND&content-id=amzn1.sym.f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_p=f955a421-f296-47b8-98f4-e33d21582bdb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 16: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_0?_encoding=UTF8&pd_rd_i=B08TJRVWV1&pd_rd_w=1lKFx&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 17: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_1?_encoding=UTF8&pd_rd_i=B09MQC7CHR&pd_rd_w=1lKFx&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 18: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_6?_encoding=UTF8&pd_rd_i=B088R1FDP2&pd_rd_w=1lKFx&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 19: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_12?_encoding=UTF8&pd_rd_i=B07Q7PKW5Z&pd_rd_w=1lKFx&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 20: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pb-allspark-smartwagon_13?_encoding=UTF8&pd_rd_i=B07W6PXRR8&pd_rd_w=1lKFx&content-id=amzn1.sym.6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_p=6a5abd06-a743-4100-a5fa-1d8dd34227fb&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 21: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_1?_encoding=UTF8&pd_rd_i=B07TYBS47Z&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 22: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_2?_encoding=UTF8&pd_rd_i=B073JYC4XM&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 23: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_3?_encoding=UTF8&pd_rd_i=B082KHKG89&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 24: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_4?_encoding=UTF8&pd_rd_i=B08V142ZWB&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 25: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_6?_encoding=UTF8&pd_rd_i=B095WCW3YK&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 26: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_7?_encoding=UTF8&pd_rd_i=B07K82GRDV&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 27: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_8?_encoding=UTF8&pd_rd_i=B095KK4L57&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 28: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_pd_psc_sw_d_0_9?_encoding=UTF8&pd_rd_i=B08XBH3Q3F&pd_rd_w=C5aSH&content-id=amzn1.sym.1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_p=1d28ac7f-44c0-42b9-97d8-bbded1b7098c&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 29: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="sw-ptc-form" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sw_proceed?proceedToCheckout=1&oldCustomerId=0&sessionID=147-4280155-9611859&useDefaultCart=1" class="a-spacing-none a-spacing-top-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 30: "ue_back" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_0?_encoding=UTF8&pd_rd_i=B0741FC1L4&pd_rd_w=XLD8L&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "anti-csrftoken-a2z" "clientName" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "quantity.B0741FC1L4" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_1?_encoding=UTF8&pd_rd_i=B0BZSXSZ6K&pd_rd_w=XLD8L&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "clientName" "items[1.base][asin]" "items[1.base][offerListingId]" "items[1.base][quantity]" "quantity.B0BZSXSZ6K" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_2?_encoding=UTF8&pd_rd_i=B0776RRR9Y&pd_rd_w=XLD8L&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "items[2.base][asin]" "items[2.base][offerListingId]" "items[2.base][quantity]" "quantity.B0776RRR9Y" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_3?_encoding=UTF8&pd_rd_i=B015TNSTUU&pd_rd_w=XLD8L&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "items[3.base][asin]" "items[3.base][offerListingId]" "items[3.base][quantity]" "quantity.B015TNSTUU" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_4?_encoding=UTF8&pd_rd_i=B0CHMYVYC1&pd_rd_w=XLD8L&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "items[4.base][asin]" "items[4.base][offerListingId]" "items[4.base][quantity]" "quantity.B0CHMYVYC1" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_7?_encoding=UTF8&pd_rd_i=B09LYLJD2Q&pd_rd_w=XLD8L&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "items[7.base][asin]" "items[7.base][offerListingId]" "items[7.base][quantity]" "quantity.B09LYLJD2Q" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=sw_atc_a_d_sspa_dk_huc_pt_expsub_8?_encoding=UTF8&pd_rd_i=B0CG1775PK&pd_rd_w=XLD8L&content-id=amzn1.sym.421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_p=421156cc-ae17-4608-955b-a8d126cb098e&pf_rd_r=9C75EE09XNWCSZFWEHCA&pd_rd_wg=tC4Ng&pd_rd_r=141eb8ab-662f-48ad-8d81-7eb50a30a0dc" class="a-spacing-base"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "items[8.base][asin]" "items[8.base][offerListingId]" "items[8.base][quantity]" "quantity.B0CG1775PK" "spClickUrlATC" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&pd_rd_i=B08SV2Y7J6&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 10: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&pd_rd_i=B017VPIY4U&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 11: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&pd_rd_i=B096X8471C&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 12: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 13: "ue_back" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="gutterCartViewForm" method="get" action="/gp/cart/desktop/go-to-checkout.html/ref=ox_sc_proceed"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "isToBeGiftWrappedBefore" "oldCustomerId" "proceedToCheckout" "proceedToRetailCheckout" "sc-buy-box-gift-checkbox" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="activeCartViewForm" method="post" action="/cart/ref=ord_cart_shr?app-nav-type=none&dc=df"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "" "activePage" "anti-csrftoken-a2z" "quantity.Cd75356dd-2830-4681-9924-faa6607aea1b" "quantityBox" "requestID" "submit.compare.Cd75356dd-2830-4681-9924-faa6607aea1b" "submit.delete.Cd75356dd-2830-4681-9924-faa6607aea1b" "submit.move-to-cart.Cd75356dd-2830-4681-9924-faa6607aea1b" "submit.save-for-later.Cd75356dd-2830-4681-9924-faa6607aea1b" "submit.update-quantity.Cd75356dd-2830-4681-9924-faa6607aea1b" "timeStamp" "token" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="savedCartViewForm" method="post" action="/cart/ref=ord_cart_shr?app-nav-type=none&dc=df"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "anti-csrftoken-a2z" "requestID" "timeStamp" "token" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&pd_rd_i=B0BBPJ1PW6&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 5: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&pd_rd_i=B0BX2MXBH1&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 6: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&pd_rd_i=B000XTPNZK&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 7: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&pd_rd_i=B0BB9BMD7F&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 8: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="/cart/add-to-cart/ref=nta-top-sellers_d_sccl_5_atc_a?_encoding=UTF8&pd_rd_i=1649374178&pd_rd_w=hVo97&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=RM4WZ5FCT04YW1Y0B9VQ&pd_rd_wg=jMjnC&pd_rd_r=3c4d331b-ede9-47d9-b8e0-3541a5cf36c7" class="add-to-cart-data a-spacing-none"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 9: "anti-csrftoken-a2z" "clientName" "customizers" "isNeoAddToCart" "items[0.base][asin]" "items[0.base][offerListingId]" "items[0.base][quantity]" "submit.addToCart" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="nav-search-bar-form" accept-charset="utf-8" action="/s/ref=nb_sb_noss" class="nav-searchbar nav-progressive-attribute" method="GET" name="site-search" role="search" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "nav-search-submit-button" "twotabsearchtextbox" ]. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "anti-csrftoken-a2z" "cross-context-behavioral-ads-opt-in" "cross-context-behavioral-ads-opt-out" "privacy-pref-save" ]. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name='ue_backdetect' action="get"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "ue_back" ]. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form id="a" accept-charset="utf-8" action="/s" method="GET" role="search"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "e" "f" ]. |
| Instances | 1535 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference |
http://projects.webappsec.org/Cross-Site-Request-Forgery
https://cwe.mitre.org/data/definitions/352.html |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 10202 |
|
Medium |
CSP: Wildcard Directive |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b?*node=7454898011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b?*node=7454917011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b?*node=7454927011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b?*node=7454939011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b?*node=9052533011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/baby-reg/homepage/?_encoding=UTF8&ref_=sv_wl_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/baby-reg/homepage/ref=wl_hz_intro |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/baby-reg/homepage?ie=UTF8&ref_=sv_cm_gft_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/baby-reg/search-results |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/business/register/org/landing?ref_=footer_retail_b2b |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gift-cards/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/css/homepage.html/147-4280155-9611859?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=footer_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=nav_AccountFlyout_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=footer_yo |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_AccountFlyout_orders |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_orders_first |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/accessibility |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=13316081&ref_=sv_ys_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=897204&ref_=sv_wl_8&sr=1-1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?nodeId=G7DZMQDVP963VXJS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_cou?ie=UTF8&nodeId=508088 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201910160 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201971070&ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=202075050 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468496&ref_=footer_privacy |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468520&ref_=footer_shiprates |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468556 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508088&ref_=footer_cou |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=footer_gw_m_b_he |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=nav_cs_customerservice |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GA22MNAVD7XADYG9 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GDFU3JS5AL6SYHRD&ref_=footer_covid |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GLQP8385T78LUERA&ref_=universal_registries_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GWS7X8NH29WQEK5X |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/pdp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/pdp/profile/?ie=UTF8&ref_=sv_ys_4 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/promotion/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/twister/ajaxv2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/video/dvd-rental/settings |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/contact-us/ajax/initiate-trusted-contact/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/help/contact/*/message/$ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/leaderboard/top-reviewers/ |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/Martha-Freeman/e/B004MPJKKK?qid=1701867726&ref=sr_ntt_srch_lnk_49&sr=8-49 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/Paul-Fleischman/e/B000AQ8WWW?qid=1701867726&ref=sr_ntt_srch_lnk_21&sr=8-21 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/Rebecca-Yarros/e/B00HYKBU1W/ref=nta-top-sellers_d_sccl_1_5_bl/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/sp |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/sp?*seller=ABVFEJU8LS620 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=9nNwZbv_G7KGxc8PguiX8Aw&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-5_Zu6xOdjUUTwRtuELe9Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=enNwZb-BAf6Hxc8Puve3uAM&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ZWWU_aWiiQ7IbCFu3Ah9mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=IHNwZfq3KfaSxc8P3rOK6A8&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lPfzxFMvg5CpQaCleT4sQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=OXRwZaGRF5mTxc8P9LOdoAQ&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-mE98iAX4C-ndNt79lN5FpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-QgMv-ecd93aHQ9GEdPx28w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SnYqbuzu7xtmJP6Ol89kjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-iXUtPqcEvllEg6VgFzl4Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nLnRMHYpyhympjrYIMOF7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868533756&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-RYWwcYRn-HvhvEumJTA69w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868409068&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nfnFM3uwoYzI_L2fdUGz0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868319603&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-th-cxHithqnpKwTkPwDqmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868600339&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vaxvHsWjBRDGP4bZ9qS7Uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868345023&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-PQFUcQF6R9BPajqilW8kHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868535272&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ltR8pwsh3v-JcXI12iGpCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868411083&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-kLKWHdsOAfIq13yFMFzyTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868322593&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SZoJH3W1y0bEZWgclu3djA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868602516&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-GobDZNRHMD1Qw9rr-sfmjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /_/ConsentHttp/cspreport |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-hCnY-0mTvc6w5bcLYoVy1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ConsentHttp/cspreport;worker-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ConsentHttp/cspreport/allowlist |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /csp/_/CspCollectorHttp/cspreport |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-Q878jjf0NyrGJ-BOvm7oHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-Sl1GXDuLT8nslzfHsLXbKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-WeGQKYizaHlrl9JEUfOuOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-yaoP-O6SYhHCsOU-i7xaVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /csp/_/CspCollectorHttp/cspreport/allowlist |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=-HNwZfb8Kcrg7_UP7PqVwAE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&hp=&rt=ttfb.233,st.235,bs.27,aaft.238,acrt.238,art.238&zx=1701868535350&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-P2c-vYo00PP3pJpTQlDw-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448&zx=1701868535110&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-us6xjCBu2RE6YclWpxx5aQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448,hpbarr.241&zx=1701868535351&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Thr-pMxBIX_0WVVFIKNjdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.40,aft.824,prt.175,xjses.474,xjsee.596,xjs.597,dcl.600,afti.824,aftqf.825,lcp.447,fcp.447,wsrt.971,cst.321,dnst.0,rqst.650,rspt.4,sslt.16,rqstt.325,unt.2,cstt.3,dit.1152&zx=1701868534492&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-O_oMlCs4gLdhx6gq8KnLxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560&zx=1701868410521&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-AMnEbXx-5m1nShAo2UtyVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560,hpbarr.279&zx=1701868410800&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lq8ecAO0mUA37uus1vyg7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.635,prt.174,afti.635,aftqf.636,xjses.663,xjsee.746,xjs.746,lcp.457,fcp.457,wsrt.706,cst.314,dnst.0,rqst.389,rspt.2,sslt.12,rqstt.319,unt.2,cstt.4,dit.886&zx=1701868409716&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-K2c8zQ0UA1FPzrlZmvC-XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=fHNwZfSWBdKyi-gPj4-7-AE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&hp=&rt=ttfb.271,st.272,bs.27,aaft.276,acrt.276,art.276&zx=1701868410799&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-97mMpYPvmcnRjTYoNmQpYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555&zx=1701868321064&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-pMqTdzP5DI315R169D7ugQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555,hpbarr.209&zx=1701868321274&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UFpQWLTvLtLXp3DvFpJ4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=all&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=6&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.1183,prt.163,afti.1183,cbs.38,cbt.668,xjses.704,xjsee.779,xjs.780,dcl.784,aftqf.1184,lcp.447,fcp.447,wsrt.1333,cst.695,dnst.0,rqst.390,rspt.2,sslt.376,rqstt.945,unt.1,cstt.249,dit.1502&zx=1701868320699&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-aAQGrW2Q7OYgFHGpyerjiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=fi&st=26775&fid=0&zx=1701868345090&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Ff1VDZXh4bQnyZvQRAtAxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=InNwZaiSJZHzsAeliYXgDg&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&hp=&rt=ttfb.202,st.204,bs.27,aaft.206,acrt.206,art.207&zx=1701868321272&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-UrSgYpU3zPd9RCKcUmW2TQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=O3RwZdnnFPuA9u8Pt4-OsAY&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&hp=&rt=ttfb.289,st.291,bs.27,aaft.293,acrt.293,art.294&zx=1701868601996&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-6g48LGx5f9MA5WUX_JwGFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476&zx=1701868601701&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-MMguFbOa8bWJUoJwtTLzaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476,hpbarr.297&zx=1701868601997&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-15sQgU2Nygoi3eCkw1QG9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.56,aft.711,prt.202,afti.711,aftqf.712,xjses.899,xjsee.996,xjs.996,lcp.603,fcp.603,wsrt.605,cst.312,dnst.0,rqst.295,rspt.5,sslt.17,rqstt.315,unt.1,cstt.2,dit.817&zx=1701868601231&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-G7eLPRS0swu6wj2hgPcaAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&ct=slh&v=t1&m=HV&pv=0.012108404164933084&me=1:1701868533836,V,0,0,826,757:0,B,757:0,N,1,9nNwZbv_G7KGxc8PguiX8Aw:0,R,1,1,0,0,826,757:1281,x:3548,e,B&zx=1701868538667&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fd6SQ-O0GKpMPEczoxsouw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&dt19=3&zx=1701868535104&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-_UYVdIADZ1ob7jqmhhN01w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=enNwZb-BAf6Hxc8Puve3uAM&dt19=3&zx=1701868410516&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce--vEjV1VqMpO3mHRX4Kzp4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&im=M&pv=0.4899438790134052&me=10:1701868340931,V,0,0,0,0:4022,V,0,0,826,757:72,h,1,1,i:959,G,1,1,682,590:232,h,1,1,o:6576,h,1,1,i:2592,h,1,1,o:5824,e,U&zx=1701868361208&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vbyh1FnNAizUyxsIxQeXgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&m=HV&pv=0.4899438790134052&me=1:1701868319672,V,0,0,826,757:0,B,757:0,N,1,IHNwZfq3KfaSxc8P3rOK6A8:0,R,1,1,0,0,826,757:1398,x:6814,e,B&zx=1701868327885&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fWzmbbRwgUMunk7Djaxm_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&pv=0.4899438790134052&me=7:1701868327885,V,0,0,0,0:10232,V,0,0,826,757:2813,e,B&zx=1701868340930&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-qFnt5QH7afPPMHFwNK0FHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&dt19=3&zx=1701868321061&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-wEMqjtW-nS5nBmd4JE4xjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&ct=slh&v=t1&m=HV&pv=0.8756538942773218&me=1:1701868600425,V,0,0,826,757:0,B,757:0,N,1,OXRwZaGRF5mTxc8P9LOdoAQ:0,R,1,1,0,0,826,757:1282,x:3081,e,B&zx=1701868604790&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Q-jLaJwaTEGpBvq2wS0Nnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&dt19=3&zx=1701868601697&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hArn8l2ALnfOcVMCjJxcig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?ei=9nNwZbv_G7KGxc8PguiX8Aw&vet=10ahUKEwi70s2r8vqCAxUyQ_EDHQL0Bc4QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UjiKrS_MKIt8Yqw6oUwJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?ei=enNwZb-BAf6Hxc8Puve3uAM&vet=10ahUKEwi_pqLw8fqCAxX-Q_EDHbr7DTcQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hdLi45fr7TJZyhiFijFvFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&ved=0ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QiZAHCHk&uact=3&bl=btNu&s=webhp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-8HdP6a37nm0gNl_4Q_Pm8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..h&bl=btNu&s=webhp&cdot=25419 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0YAqaBqPTYeT-quFG4N2Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Cnx-59jLB1Zyr4r33ErvlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?ei=OXRwZaGRF5mTxc8P9LOdoAQ&vet=10ahUKEwjhkcLL8vqCAxWZSfEDHfRZB0QQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Y_HuFfqBL2n4HA1JV4QW7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&rt=wsrt.971,aft.824,afti.824,hst.40,prt.175&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Mqx4sdNKLYlOlg8_buBDSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&rt=wsrt.706,aft.635,afti.635,hst.38,prt.174&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-FUNFyk7I45T6QfW56tiDrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.1183,afti.1183,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-1MTVsXVJCiOuG3G2Wheh4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&rt=wsrt.605,aft.711,afti.711,hst.56,prt.202&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-zSvrrTGMaPcDSthSQ2GaJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.176,afti.176,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-9-MXAJC_yKCMbg9UHqnoXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| Instances | 324 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/ http://caniuse.com/#search=content+security+policy http://content-security-policy.com/ https://github.com/shapesecurity/salvation https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
CSP: script-src unsafe-eval |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=9nNwZbv_G7KGxc8PguiX8Aw&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-5_Zu6xOdjUUTwRtuELe9Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=enNwZb-BAf6Hxc8Puve3uAM&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ZWWU_aWiiQ7IbCFu3Ah9mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=IHNwZfq3KfaSxc8P3rOK6A8&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lPfzxFMvg5CpQaCleT4sQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=OXRwZaGRF5mTxc8P9LOdoAQ&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-mE98iAX4C-ndNt79lN5FpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-QgMv-ecd93aHQ9GEdPx28w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SnYqbuzu7xtmJP6Ol89kjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-iXUtPqcEvllEg6VgFzl4Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nLnRMHYpyhympjrYIMOF7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868533756&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-RYWwcYRn-HvhvEumJTA69w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868409068&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nfnFM3uwoYzI_L2fdUGz0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868319603&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-th-cxHithqnpKwTkPwDqmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868600339&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vaxvHsWjBRDGP4bZ9qS7Uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868345023&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-PQFUcQF6R9BPajqilW8kHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868535272&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ltR8pwsh3v-JcXI12iGpCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868411083&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-kLKWHdsOAfIq13yFMFzyTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868322593&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SZoJH3W1y0bEZWgclu3djA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868602516&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-GobDZNRHMD1Qw9rr-sfmjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=-HNwZfb8Kcrg7_UP7PqVwAE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&hp=&rt=ttfb.233,st.235,bs.27,aaft.238,acrt.238,art.238&zx=1701868535350&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-P2c-vYo00PP3pJpTQlDw-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448&zx=1701868535110&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-us6xjCBu2RE6YclWpxx5aQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448,hpbarr.241&zx=1701868535351&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Thr-pMxBIX_0WVVFIKNjdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.40,aft.824,prt.175,xjses.474,xjsee.596,xjs.597,dcl.600,afti.824,aftqf.825,lcp.447,fcp.447,wsrt.971,cst.321,dnst.0,rqst.650,rspt.4,sslt.16,rqstt.325,unt.2,cstt.3,dit.1152&zx=1701868534492&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-O_oMlCs4gLdhx6gq8KnLxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560&zx=1701868410521&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-AMnEbXx-5m1nShAo2UtyVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560,hpbarr.279&zx=1701868410800&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lq8ecAO0mUA37uus1vyg7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.635,prt.174,afti.635,aftqf.636,xjses.663,xjsee.746,xjs.746,lcp.457,fcp.457,wsrt.706,cst.314,dnst.0,rqst.389,rspt.2,sslt.12,rqstt.319,unt.2,cstt.4,dit.886&zx=1701868409716&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-K2c8zQ0UA1FPzrlZmvC-XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=fHNwZfSWBdKyi-gPj4-7-AE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&hp=&rt=ttfb.271,st.272,bs.27,aaft.276,acrt.276,art.276&zx=1701868410799&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-97mMpYPvmcnRjTYoNmQpYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555&zx=1701868321064&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-pMqTdzP5DI315R169D7ugQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555,hpbarr.209&zx=1701868321274&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UFpQWLTvLtLXp3DvFpJ4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=all&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=6&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.1183,prt.163,afti.1183,cbs.38,cbt.668,xjses.704,xjsee.779,xjs.780,dcl.784,aftqf.1184,lcp.447,fcp.447,wsrt.1333,cst.695,dnst.0,rqst.390,rspt.2,sslt.376,rqstt.945,unt.1,cstt.249,dit.1502&zx=1701868320699&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-aAQGrW2Q7OYgFHGpyerjiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=fi&st=26775&fid=0&zx=1701868345090&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Ff1VDZXh4bQnyZvQRAtAxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=InNwZaiSJZHzsAeliYXgDg&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&hp=&rt=ttfb.202,st.204,bs.27,aaft.206,acrt.206,art.207&zx=1701868321272&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-UrSgYpU3zPd9RCKcUmW2TQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=O3RwZdnnFPuA9u8Pt4-OsAY&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&hp=&rt=ttfb.289,st.291,bs.27,aaft.293,acrt.293,art.294&zx=1701868601996&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-6g48LGx5f9MA5WUX_JwGFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476&zx=1701868601701&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-MMguFbOa8bWJUoJwtTLzaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476,hpbarr.297&zx=1701868601997&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-15sQgU2Nygoi3eCkw1QG9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.56,aft.711,prt.202,afti.711,aftqf.712,xjses.899,xjsee.996,xjs.996,lcp.603,fcp.603,wsrt.605,cst.312,dnst.0,rqst.295,rspt.5,sslt.17,rqstt.315,unt.1,cstt.2,dit.817&zx=1701868601231&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-G7eLPRS0swu6wj2hgPcaAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&ct=slh&v=t1&m=HV&pv=0.012108404164933084&me=1:1701868533836,V,0,0,826,757:0,B,757:0,N,1,9nNwZbv_G7KGxc8PguiX8Aw:0,R,1,1,0,0,826,757:1281,x:3548,e,B&zx=1701868538667&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fd6SQ-O0GKpMPEczoxsouw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&dt19=3&zx=1701868535104&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-_UYVdIADZ1ob7jqmhhN01w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=enNwZb-BAf6Hxc8Puve3uAM&dt19=3&zx=1701868410516&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce--vEjV1VqMpO3mHRX4Kzp4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&im=M&pv=0.4899438790134052&me=10:1701868340931,V,0,0,0,0:4022,V,0,0,826,757:72,h,1,1,i:959,G,1,1,682,590:232,h,1,1,o:6576,h,1,1,i:2592,h,1,1,o:5824,e,U&zx=1701868361208&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vbyh1FnNAizUyxsIxQeXgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&m=HV&pv=0.4899438790134052&me=1:1701868319672,V,0,0,826,757:0,B,757:0,N,1,IHNwZfq3KfaSxc8P3rOK6A8:0,R,1,1,0,0,826,757:1398,x:6814,e,B&zx=1701868327885&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fWzmbbRwgUMunk7Djaxm_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&pv=0.4899438790134052&me=7:1701868327885,V,0,0,0,0:10232,V,0,0,826,757:2813,e,B&zx=1701868340930&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-qFnt5QH7afPPMHFwNK0FHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&dt19=3&zx=1701868321061&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-wEMqjtW-nS5nBmd4JE4xjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&ct=slh&v=t1&m=HV&pv=0.8756538942773218&me=1:1701868600425,V,0,0,826,757:0,B,757:0,N,1,OXRwZaGRF5mTxc8P9LOdoAQ:0,R,1,1,0,0,826,757:1282,x:3081,e,B&zx=1701868604790&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Q-jLaJwaTEGpBvq2wS0Nnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&dt19=3&zx=1701868601697&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hArn8l2ALnfOcVMCjJxcig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?ei=9nNwZbv_G7KGxc8PguiX8Aw&vet=10ahUKEwi70s2r8vqCAxUyQ_EDHQL0Bc4QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UjiKrS_MKIt8Yqw6oUwJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?ei=enNwZb-BAf6Hxc8Puve3uAM&vet=10ahUKEwi_pqLw8fqCAxX-Q_EDHbr7DTcQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hdLi45fr7TJZyhiFijFvFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&ved=0ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QiZAHCHk&uact=3&bl=btNu&s=webhp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-8HdP6a37nm0gNl_4Q_Pm8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..h&bl=btNu&s=webhp&cdot=25419 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0YAqaBqPTYeT-quFG4N2Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Cnx-59jLB1Zyr4r33ErvlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?ei=OXRwZaGRF5mTxc8P9LOdoAQ&vet=10ahUKEwjhkcLL8vqCAxWZSfEDHfRZB0QQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Y_HuFfqBL2n4HA1JV4QW7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&rt=wsrt.971,aft.824,afti.824,hst.40,prt.175&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Mqx4sdNKLYlOlg8_buBDSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&rt=wsrt.706,aft.635,afti.635,hst.38,prt.174&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-FUNFyk7I45T6QfW56tiDrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.1183,afti.1183,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-1MTVsXVJCiOuG3G2Wheh4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&rt=wsrt.605,aft.711,afti.711,hst.56,prt.202&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-zSvrrTGMaPcDSthSQ2GaJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| URL | https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.176,afti.176,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-9-MXAJC_yKCMbg9UHqnoXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | script-src includes unsafe-eval. |
| Instances | 54 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/ http://caniuse.com/#search=content+security+policy http://content-security-policy.com/ https://github.com/shapesecurity/salvation https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
CSP: script-src unsafe-inline |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454898011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454917011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454927011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454939011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=9052533011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/homepage/?_encoding=UTF8&ref_=sv_wl_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/homepage/ref=wl_hz_intro |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/homepage?ie=UTF8&ref_=sv_cm_gft_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/search-results |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/business/register/org/landing?ref_=footer_retail_b2b |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html/147-4280155-9611859?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=footer_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=nav_AccountFlyout_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=footer_yo |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_AccountFlyout_orders |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_orders_first |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/accessibility |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=13316081&ref_=sv_ys_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=897204&ref_=sv_wl_8&sr=1-1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?nodeId=G7DZMQDVP963VXJS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_cou?ie=UTF8&nodeId=508088 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201910160 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201971070&ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=202075050 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468496&ref_=footer_privacy |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468520&ref_=footer_shiprates |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468556 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508088&ref_=footer_cou |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=footer_gw_m_b_he |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=nav_cs_customerservice |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GA22MNAVD7XADYG9 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GDFU3JS5AL6SYHRD&ref_=footer_covid |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GLQP8385T78LUERA&ref_=universal_registries_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GWS7X8NH29WQEK5X |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/pdp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/pdp/profile/?ie=UTF8&ref_=sv_ys_4 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/promotion/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/twister/ajaxv2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/video/dvd-rental/settings |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/contact-us/ajax/initiate-trusted-contact/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/help/contact/*/message/$ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/leaderboard/top-reviewers/ |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/Martha-Freeman/e/B004MPJKKK?qid=1701867726&ref=sr_ntt_srch_lnk_49&sr=8-49 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/Paul-Fleischman/e/B000AQ8WWW?qid=1701867726&ref=sr_ntt_srch_lnk_21&sr=8-21 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/Rebecca-Yarros/e/B00HYKBU1W/ref=nta-top-sellers_d_sccl_1_5_bl/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/sp |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/sp?*seller=ABVFEJU8LS620 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /_/ConsentHttp/cspreport |
| Other Info | script-src includes unsafe-inline. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ConsentHttp/cspreport/allowlist |
| Other Info | script-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /csp/_/CspCollectorHttp/cspreport |
| Other Info | script-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /csp/_/CspCollectorHttp/cspreport/allowlist |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | script-src includes unsafe-inline. |
| Instances | 265 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/ http://caniuse.com/#search=content+security+policy http://content-security-policy.com/ https://github.com/shapesecurity/salvation https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
CSP: style-src unsafe-inline |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454898011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454917011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454927011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=7454939011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?*node=9052533011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/homepage/?_encoding=UTF8&ref_=sv_wl_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/homepage/ref=wl_hz_intro |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/homepage?ie=UTF8&ref_=sv_cm_gft_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/baby-reg/search-results |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/business/register/org/landing?ref_=footer_retail_b2b |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gift-cards/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html/147-4280155-9611859?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=footer_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=nav_AccountFlyout_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=footer_yo |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_AccountFlyout_orders |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_orders_first |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/accessibility |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=13316081&ref_=sv_ys_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=897204&ref_=sv_wl_8&sr=1-1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/?nodeId=G7DZMQDVP963VXJS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_cou?ie=UTF8&nodeId=508088 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201910160 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201971070&ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=202075050 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468496&ref_=footer_privacy |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468520&ref_=footer_shiprates |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468556 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508088&ref_=footer_cou |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=footer_gw_m_b_he |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=nav_cs_customerservice |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GA22MNAVD7XADYG9 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GDFU3JS5AL6SYHRD&ref_=footer_covid |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GLQP8385T78LUERA&ref_=universal_registries_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GWS7X8NH29WQEK5X |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/pdp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/pdp/profile/?ie=UTF8&ref_=sv_ys_4 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/promotion/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/twister/ajaxv2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/video/dvd-rental/settings |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/contact-us/ajax/initiate-trusted-contact/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/help/contact/*/message/$ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/leaderboard/top-reviewers/ |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/Martha-Freeman/e/B004MPJKKK?qid=1701867726&ref=sr_ntt_srch_lnk_49&sr=8-49 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/Paul-Fleischman/e/B000AQ8WWW?qid=1701867726&ref=sr_ntt_srch_lnk_21&sr=8-21 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/Rebecca-Yarros/e/B00HYKBU1W/ref=nta-top-sellers_d_sccl_1_5_bl/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/sp |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/sp?*seller=ABVFEJU8LS620 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=9nNwZbv_G7KGxc8PguiX8Aw&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-5_Zu6xOdjUUTwRtuELe9Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=enNwZb-BAf6Hxc8Puve3uAM&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ZWWU_aWiiQ7IbCFu3Ah9mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=IHNwZfq3KfaSxc8P3rOK6A8&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lPfzxFMvg5CpQaCleT4sQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=OXRwZaGRF5mTxc8P9LOdoAQ&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-mE98iAX4C-ndNt79lN5FpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-QgMv-ecd93aHQ9GEdPx28w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SnYqbuzu7xtmJP6Ol89kjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-iXUtPqcEvllEg6VgFzl4Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nLnRMHYpyhympjrYIMOF7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868533756&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-RYWwcYRn-HvhvEumJTA69w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868409068&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nfnFM3uwoYzI_L2fdUGz0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868319603&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-th-cxHithqnpKwTkPwDqmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868600339&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vaxvHsWjBRDGP4bZ9qS7Uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868345023&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-PQFUcQF6R9BPajqilW8kHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868535272&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ltR8pwsh3v-JcXI12iGpCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868411083&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-kLKWHdsOAfIq13yFMFzyTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868322593&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SZoJH3W1y0bEZWgclu3djA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868602516&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-GobDZNRHMD1Qw9rr-sfmjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /_/ConsentHttp/cspreport |
| Other Info | style-src includes unsafe-inline. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-hCnY-0mTvc6w5bcLYoVy1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ConsentHttp/cspreport;worker-src 'self' |
| Other Info | style-src includes unsafe-inline. |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ConsentHttp/cspreport/allowlist |
| Other Info | style-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /csp/_/CspCollectorHttp/cspreport |
| Other Info | style-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-Q878jjf0NyrGJ-BOvm7oHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | style-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-Sl1GXDuLT8nslzfHsLXbKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | style-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-WeGQKYizaHlrl9JEUfOuOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | style-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-yaoP-O6SYhHCsOU-i7xaVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | style-src includes unsafe-inline. |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /csp/_/CspCollectorHttp/cspreport/allowlist |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=-HNwZfb8Kcrg7_UP7PqVwAE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&hp=&rt=ttfb.233,st.235,bs.27,aaft.238,acrt.238,art.238&zx=1701868535350&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-P2c-vYo00PP3pJpTQlDw-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448&zx=1701868535110&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-us6xjCBu2RE6YclWpxx5aQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448,hpbarr.241&zx=1701868535351&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Thr-pMxBIX_0WVVFIKNjdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.40,aft.824,prt.175,xjses.474,xjsee.596,xjs.597,dcl.600,afti.824,aftqf.825,lcp.447,fcp.447,wsrt.971,cst.321,dnst.0,rqst.650,rspt.4,sslt.16,rqstt.325,unt.2,cstt.3,dit.1152&zx=1701868534492&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-O_oMlCs4gLdhx6gq8KnLxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560&zx=1701868410521&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-AMnEbXx-5m1nShAo2UtyVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560,hpbarr.279&zx=1701868410800&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lq8ecAO0mUA37uus1vyg7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.635,prt.174,afti.635,aftqf.636,xjses.663,xjsee.746,xjs.746,lcp.457,fcp.457,wsrt.706,cst.314,dnst.0,rqst.389,rspt.2,sslt.12,rqstt.319,unt.2,cstt.4,dit.886&zx=1701868409716&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-K2c8zQ0UA1FPzrlZmvC-XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=fHNwZfSWBdKyi-gPj4-7-AE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&hp=&rt=ttfb.271,st.272,bs.27,aaft.276,acrt.276,art.276&zx=1701868410799&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-97mMpYPvmcnRjTYoNmQpYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555&zx=1701868321064&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-pMqTdzP5DI315R169D7ugQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555,hpbarr.209&zx=1701868321274&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UFpQWLTvLtLXp3DvFpJ4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=all&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=6&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.1183,prt.163,afti.1183,cbs.38,cbt.668,xjses.704,xjsee.779,xjs.780,dcl.784,aftqf.1184,lcp.447,fcp.447,wsrt.1333,cst.695,dnst.0,rqst.390,rspt.2,sslt.376,rqstt.945,unt.1,cstt.249,dit.1502&zx=1701868320699&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-aAQGrW2Q7OYgFHGpyerjiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=fi&st=26775&fid=0&zx=1701868345090&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Ff1VDZXh4bQnyZvQRAtAxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=InNwZaiSJZHzsAeliYXgDg&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&hp=&rt=ttfb.202,st.204,bs.27,aaft.206,acrt.206,art.207&zx=1701868321272&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-UrSgYpU3zPd9RCKcUmW2TQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=O3RwZdnnFPuA9u8Pt4-OsAY&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&hp=&rt=ttfb.289,st.291,bs.27,aaft.293,acrt.293,art.294&zx=1701868601996&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-6g48LGx5f9MA5WUX_JwGFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476&zx=1701868601701&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-MMguFbOa8bWJUoJwtTLzaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476,hpbarr.297&zx=1701868601997&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-15sQgU2Nygoi3eCkw1QG9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.56,aft.711,prt.202,afti.711,aftqf.712,xjses.899,xjsee.996,xjs.996,lcp.603,fcp.603,wsrt.605,cst.312,dnst.0,rqst.295,rspt.5,sslt.17,rqstt.315,unt.1,cstt.2,dit.817&zx=1701868601231&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-G7eLPRS0swu6wj2hgPcaAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&ct=slh&v=t1&m=HV&pv=0.012108404164933084&me=1:1701868533836,V,0,0,826,757:0,B,757:0,N,1,9nNwZbv_G7KGxc8PguiX8Aw:0,R,1,1,0,0,826,757:1281,x:3548,e,B&zx=1701868538667&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fd6SQ-O0GKpMPEczoxsouw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&dt19=3&zx=1701868535104&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-_UYVdIADZ1ob7jqmhhN01w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=enNwZb-BAf6Hxc8Puve3uAM&dt19=3&zx=1701868410516&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce--vEjV1VqMpO3mHRX4Kzp4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&im=M&pv=0.4899438790134052&me=10:1701868340931,V,0,0,0,0:4022,V,0,0,826,757:72,h,1,1,i:959,G,1,1,682,590:232,h,1,1,o:6576,h,1,1,i:2592,h,1,1,o:5824,e,U&zx=1701868361208&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vbyh1FnNAizUyxsIxQeXgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&m=HV&pv=0.4899438790134052&me=1:1701868319672,V,0,0,826,757:0,B,757:0,N,1,IHNwZfq3KfaSxc8P3rOK6A8:0,R,1,1,0,0,826,757:1398,x:6814,e,B&zx=1701868327885&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fWzmbbRwgUMunk7Djaxm_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&pv=0.4899438790134052&me=7:1701868327885,V,0,0,0,0:10232,V,0,0,826,757:2813,e,B&zx=1701868340930&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-qFnt5QH7afPPMHFwNK0FHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&dt19=3&zx=1701868321061&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-wEMqjtW-nS5nBmd4JE4xjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&ct=slh&v=t1&m=HV&pv=0.8756538942773218&me=1:1701868600425,V,0,0,826,757:0,B,757:0,N,1,OXRwZaGRF5mTxc8P9LOdoAQ:0,R,1,1,0,0,826,757:1282,x:3081,e,B&zx=1701868604790&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Q-jLaJwaTEGpBvq2wS0Nnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&dt19=3&zx=1701868601697&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hArn8l2ALnfOcVMCjJxcig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?ei=9nNwZbv_G7KGxc8PguiX8Aw&vet=10ahUKEwi70s2r8vqCAxUyQ_EDHQL0Bc4QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UjiKrS_MKIt8Yqw6oUwJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?ei=enNwZb-BAf6Hxc8Puve3uAM&vet=10ahUKEwi_pqLw8fqCAxX-Q_EDHbr7DTcQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hdLi45fr7TJZyhiFijFvFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&ved=0ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QiZAHCHk&uact=3&bl=btNu&s=webhp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-8HdP6a37nm0gNl_4Q_Pm8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..h&bl=btNu&s=webhp&cdot=25419 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0YAqaBqPTYeT-quFG4N2Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Cnx-59jLB1Zyr4r33ErvlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?ei=OXRwZaGRF5mTxc8P9LOdoAQ&vet=10ahUKEwjhkcLL8vqCAxWZSfEDHfRZB0QQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Y_HuFfqBL2n4HA1JV4QW7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&rt=wsrt.971,aft.824,afti.824,hst.40,prt.175&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Mqx4sdNKLYlOlg8_buBDSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&rt=wsrt.706,aft.635,afti.635,hst.38,prt.174&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-FUNFyk7I45T6QfW56tiDrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.1183,afti.1183,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-1MTVsXVJCiOuG3G2Wheh4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&rt=wsrt.605,aft.711,afti.711,hst.56,prt.202&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-zSvrrTGMaPcDSthSQ2GaJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| URL | https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.176,afti.176,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-9-MXAJC_yKCMbg9UHqnoXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | style-src includes unsafe-inline. |
| Instances | 324 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/ http://caniuse.com/#search=content+security+policy http://content-security-policy.com/ https://github.com/shapesecurity/salvation https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
Cross-Domain Misconfiguration |
|---|---|
| Description |
Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server
|
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUI-3c913031596ca78a3768f4e934b1cc02ce238101.secure.min._V1_.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/ClientSideMetricsAUIJavascript-51171fbdd28e1a7a61e922e8f0272af8bc74d37b.secure.variant-desktop-session-snapshot-keypress.min._V2_.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/csm-captcha-instrumentation.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/rd-script-6d68177fa6061598e9509dc4b5bdd08d.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/ue-base-1c399ad9886cab69575e1e5ee15c61a1._V313498596_.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| URL | https://fls-na.amazon.com/1/batch/1/OE/ |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| Instances | 7 |
| Solution |
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).
Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
|
| Reference | https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy |
| CWE Id | 264 |
| WASC Id | 14 |
| Plugin Id | 10098 |
|
Low |
Application Error Disclosure |
|---|---|
| Description |
This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
|
| URL | https://www.amazon.com/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| Instances | 1 |
| Solution |
Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 90022 |
|
Low |
CSP: Notices |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b?*node=7454898011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b?*node=7454917011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b?*node=7454927011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b?*node=7454939011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b?*node=9052533011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/baby-reg/homepage/?_encoding=UTF8&ref_=sv_wl_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/baby-reg/homepage/ref=wl_hz_intro |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/baby-reg/homepage?ie=UTF8&ref_=sv_cm_gft_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/baby-reg/search-results |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/business/register/org/landing?ref_=footer_retail_b2b |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gift-cards/b/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/css/homepage.html/147-4280155-9611859?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=footer_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/css/homepage.html?ref_=nav_AccountFlyout_ya |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/css/order-history?ref_=footer_yo |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_AccountFlyout_orders |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/css/order-history?ref_=nav_orders_first |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/accessibility |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=13316081&ref_=sv_ys_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html/?ie=UTF8&nodeId=897204&ref_=sv_wl_8&sr=1-1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html/?nodeId=G7DZMQDVP963VXJS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_cou?ie=UTF8&nodeId=508088 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201910160 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=201971070&ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=202075050 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468496&ref_=footer_privacy |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468520&ref_=footer_shiprates |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=468556 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508088&ref_=footer_cou |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=footer_gw_m_b_he |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=508510&ref_=nav_cs_customerservice |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GA22MNAVD7XADYG9 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GDFU3JS5AL6SYHRD&ref_=footer_covid |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GLQP8385T78LUERA&ref_=universal_registries_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GWS7X8NH29WQEK5X |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history/get?ue_back=1 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/pdp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/pdp/profile/?ie=UTF8&ref_=sv_ys_4 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/profile/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/promotion/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/twister/ajaxv2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/video/dvd-rental/settings |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hp/video/api |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/contact-us/ajax/initiate-trusted-contact/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/help/contact/*/message/$ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/leaderboard/top-reviewers/ |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/Martha-Freeman/e/B004MPJKKK?qid=1701867726&ref=sr_ntt_srch_lnk_49&sr=8-49 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/Paul-Fleischman/e/B000AQ8WWW?qid=1701867726&ref=sr_ntt_srch_lnk_21&sr=8-21 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/Rebecca-Yarros/e/B00HYKBU1W/ref=nta-top-sellers_d_sccl_1_5_bl/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/sp |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/sp?*seller=ABVFEJU8LS620 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=9nNwZbv_G7KGxc8PguiX8Aw&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-5_Zu6xOdjUUTwRtuELe9Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=enNwZb-BAf6Hxc8Puve3uAM&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ZWWU_aWiiQ7IbCFu3Ah9mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=IHNwZfq3KfaSxc8P3rOK6A8&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lPfzxFMvg5CpQaCleT4sQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?atyp=i&biw=826&bih=757&dpr=2.25&mtp=10&ei=OXRwZaGRF5mTxc8P9LOdoAQ&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-mE98iAX4C-ndNt79lN5FpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-QgMv-ecd93aHQ9GEdPx28w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SnYqbuzu7xtmJP6Ol89kjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-iXUtPqcEvllEg6VgFzl4Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nLnRMHYpyhympjrYIMOF7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868533756&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-RYWwcYRn-HvhvEumJTA69w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868409068&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-nfnFM3uwoYzI_L2fdUGz0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868319603&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-th-cxHithqnpKwTkPwDqmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868600339&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vaxvHsWjBRDGP4bZ9qS7Uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868345023&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-PQFUcQF6R9BPajqilW8kHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=9nNwZbv_G7KGxc8PguiX8Aw&zx=1701868535272&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-ltR8pwsh3v-JcXI12iGpCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=enNwZb-BAf6Hxc8Puve3uAM&zx=1701868411083&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-kLKWHdsOAfIq13yFMFzyTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868322593&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-SZoJH3W1y0bEZWgclu3djA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=OXRwZaGRF5mTxc8P9LOdoAQ&zx=1701868602516&opi=89978449 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-GobDZNRHMD1Qw9rr-sfmjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /_/ConsentHttp/cspreport |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-hCnY-0mTvc6w5bcLYoVy1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ConsentHttp/cspreport;worker-src 'self' |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ConsentHttp/cspreport/allowlist |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /csp/_/CspCollectorHttp/cspreport |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-Q878jjf0NyrGJ-BOvm7oHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-Sl1GXDuLT8nslzfHsLXbKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-yaoP-O6SYhHCsOU-i7xaVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'report-sample' 'nonce-WeGQKYizaHlrl9JEUfOuOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /csp/_/CspCollectorHttp/cspreport;worker-src 'self' |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /csp/_/CspCollectorHttp/cspreport/allowlist |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | require-trusted-types-for 'script';report-uri /csp/_/CspCollectorHttp/cspreport |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://csp.withgoogle.com/csp/gws/other-hp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /csp/_/CspCollectorHttp/cspreport/allowlist |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | POST |
| Parameter | content-security-policy |
| Attack | |
| Evidence | upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=-HNwZfb8Kcrg7_UP7PqVwAE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&hp=&rt=ttfb.233,st.235,bs.27,aaft.238,acrt.238,art.238&zx=1701868535350&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-P2c-vYo00PP3pJpTQlDw-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448&zx=1701868535110&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-us6xjCBu2RE6YclWpxx5aQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=promo&rt=hpbas.1448,hpbarr.241&zx=1701868535351&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Thr-pMxBIX_0WVVFIKNjdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.6383aa05-f642-4d89-ab4e-3a64b31dd62a&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.40,aft.824,prt.175,xjses.474,xjsee.596,xjs.597,dcl.600,afti.824,aftqf.825,lcp.447,fcp.447,wsrt.971,cst.321,dnst.0,rqst.650,rspt.4,sslt.16,rqstt.325,unt.2,cstt.3,dit.1152&zx=1701868534492&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-O_oMlCs4gLdhx6gq8KnLxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560&zx=1701868410521&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-AMnEbXx-5m1nShAo2UtyVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=promo&rt=hpbas.1560,hpbarr.279&zx=1701868410800&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-lq8ecAO0mUA37uus1vyg7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.635,prt.174,afti.635,aftqf.636,xjses.663,xjsee.746,xjs.746,lcp.457,fcp.457,wsrt.706,cst.314,dnst.0,rqst.389,rspt.2,sslt.12,rqstt.319,unt.2,cstt.4,dit.886&zx=1701868409716&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-K2c8zQ0UA1FPzrlZmvC-XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=fHNwZfSWBdKyi-gPj4-7-AE&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9b6c5b52-2aa4-4b7b-9ecf-899f28788a77&hp=&rt=ttfb.271,st.272,bs.27,aaft.276,acrt.276,art.276&zx=1701868410799&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-97mMpYPvmcnRjTYoNmQpYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555&zx=1701868321064&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-pMqTdzP5DI315R169D7ugQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=promo&rt=hpbas.1555,hpbarr.209&zx=1701868321274&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UFpQWLTvLtLXp3DvFpJ4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=all&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=6&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.38,aft.1183,prt.163,afti.1183,cbs.38,cbt.668,xjses.704,xjsee.779,xjs.780,dcl.784,aftqf.1184,lcp.447,fcp.447,wsrt.1333,cst.695,dnst.0,rqst.390,rspt.2,sslt.376,rqstt.945,unt.1,cstt.249,dit.1502&zx=1701868320699&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-aAQGrW2Q7OYgFHGpyerjiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=fi&st=26775&fid=0&zx=1701868345090&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Ff1VDZXh4bQnyZvQRAtAxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=InNwZaiSJZHzsAeliYXgDg&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.9ab8486a-fc50-4d51-a9d1-8aea6d444afe&hp=&rt=ttfb.202,st.204,bs.27,aaft.206,acrt.206,art.207&zx=1701868321272&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-UrSgYpU3zPd9RCKcUmW2TQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=O3RwZdnnFPuA9u8Pt4-OsAY&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&hp=&rt=ttfb.289,st.291,bs.27,aaft.293,acrt.293,art.294&zx=1701868601996&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-6g48LGx5f9MA5WUX_JwGFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476&zx=1701868601701&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-MMguFbOa8bWJUoJwtTLzaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=promo&rt=hpbas.1476,hpbarr.297&zx=1701868601997&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-15sQgU2Nygoi3eCkw1QG9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&s=webhp&t=all&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&adh=&cls=0&ime=2&imex=2&imeh=3&imea=0&imeb=0&imel=0&imed=0&scp=0&mem=ujhs.6,tjhs.10,jhsl.4295,dm.8&nv=ne.1,feid.5a575ebb-2776-4e13-ac75-c1f5dfe23148&net=dl.10000,ect.4g,rtt.0&hp=&p=bs.true&sys=hc.8&rt=hst.56,aft.711,prt.202,afti.711,aftqf.712,xjses.899,xjsee.996,xjs.996,lcp.603,fcp.603,wsrt.605,cst.312,dnst.0,rqst.295,rspt.5,sslt.17,rqstt.315,unt.1,cstt.2,dit.817&zx=1701868601231&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-G7eLPRS0swu6wj2hgPcaAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&ct=slh&v=t1&m=HV&pv=0.012108404164933084&me=1:1701868533836,V,0,0,826,757:0,B,757:0,N,1,9nNwZbv_G7KGxc8PguiX8Aw:0,R,1,1,0,0,826,757:1281,x:3548,e,B&zx=1701868538667&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fd6SQ-O0GKpMPEczoxsouw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=9nNwZbv_G7KGxc8PguiX8Aw&dt19=3&zx=1701868535104&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-_UYVdIADZ1ob7jqmhhN01w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=enNwZb-BAf6Hxc8Puve3uAM&dt19=3&zx=1701868410516&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce--vEjV1VqMpO3mHRX4Kzp4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&im=M&pv=0.4899438790134052&me=10:1701868340931,V,0,0,0,0:4022,V,0,0,826,757:72,h,1,1,i:959,G,1,1,682,590:232,h,1,1,o:6576,h,1,1,i:2592,h,1,1,o:5824,e,U&zx=1701868361208&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-vbyh1FnNAizUyxsIxQeXgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&m=HV&pv=0.4899438790134052&me=1:1701868319672,V,0,0,826,757:0,B,757:0,N,1,IHNwZfq3KfaSxc8P3rOK6A8:0,R,1,1,0,0,826,757:1398,x:6814,e,B&zx=1701868327885&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-fWzmbbRwgUMunk7Djaxm_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&pv=0.4899438790134052&me=7:1701868327885,V,0,0,0,0:10232,V,0,0,826,757:2813,e,B&zx=1701868340930&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-qFnt5QH7afPPMHFwNK0FHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&dt19=3&zx=1701868321061&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-wEMqjtW-nS5nBmd4JE4xjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&ct=slh&v=t1&m=HV&pv=0.8756538942773218&me=1:1701868600425,V,0,0,826,757:0,B,757:0,N,1,OXRwZaGRF5mTxc8P9LOdoAQ:0,R,1,1,0,0,826,757:1282,x:3081,e,B&zx=1701868604790&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Q-jLaJwaTEGpBvq2wS0Nnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?atyp=i&ei=OXRwZaGRF5mTxc8P9LOdoAQ&dt19=3&zx=1701868601697&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hArn8l2ALnfOcVMCjJxcig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?ei=9nNwZbv_G7KGxc8PguiX8Aw&vet=10ahUKEwi70s2r8vqCAxUyQ_EDHQL0Bc4QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0UjiKrS_MKIt8Yqw6oUwJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?ei=enNwZb-BAf6Hxc8Puve3uAM&vet=10ahUKEwi_pqLw8fqCAxX-Q_EDHbr7DTcQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-hdLi45fr7TJZyhiFijFvFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&ved=0ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QiZAHCHk&uact=3&bl=btNu&s=webhp |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-8HdP6a37nm0gNl_4Q_Pm8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..h&bl=btNu&s=webhp&cdot=25419 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-0YAqaBqPTYeT-quFG4N2Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Cnx-59jLB1Zyr4r33ErvlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?ei=OXRwZaGRF5mTxc8P9LOdoAQ&vet=10ahUKEwjhkcLL8vqCAxWZSfEDHfRZB0QQhJAHCBw..s&bl=btNu&s=webhp&gl=bg&pc=SEARCH_HOMEPAGE&isMobile=false |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Y_HuFfqBL2n4HA1JV4QW7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=9nNwZbv_G7KGxc8PguiX8Aw&rt=wsrt.971,aft.824,afti.824,hst.40,prt.175&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-Mqx4sdNKLYlOlg8_buBDSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=enNwZb-BAf6Hxc8Puve3uAM&rt=wsrt.706,aft.635,afti.635,hst.38,prt.174&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-FUNFyk7I45T6QfW56tiDrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.1183,afti.1183,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-1MTVsXVJCiOuG3G2Wheh4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=OXRwZaGRF5mTxc8P9LOdoAQ&rt=wsrt.605,aft.711,afti.711,hst.56,prt.202&wh=757&imn=5&ima=1&imad=0&imac=1&imf=0&aft=1&aftp=757&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-zSvrrTGMaPcDSthSQ2GaJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| URL | https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&rt=wsrt.1333,aft.176,afti.176,cbs.38,cbt.668,hst.38,prt.163&wh=757&imn=8&ima=2&imad=0&imac=0&imf=0&opi=89978449 |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none';base-uri 'self';script-src 'nonce-9-MXAJC_yKCMbg9UHqnoXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other |
| Other Info | Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| Instances | 326 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/ http://caniuse.com/#search=content+security+policy http://content-security-policy.com/ https://github.com/shapesecurity/salvation https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Low |
Cookie Without Secure Flag |
|---|---|
| Description |
A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
|
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/exec/obidos/account-access-login |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/exec/obidos/change-style |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/exec/obidos/flex-sign-in |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/exec/obidos/handle-buy-box |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/exec/obidos/tg/cm/member/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | Set-cookie: session-id |
| Other Info | |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | Set-cookie: ubid-main |
| Other Info | |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | Set-cookie: session-id |
| Other Info | |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | Set-cookie: ubid-main |
| Other Info | |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/item-dispatch |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/library/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/library/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/watchlist/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/watchlist/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/music/prime/signup?cancelRedirectURL=L211c2ljL3ByaW1l¬NowRedirectURL=L211c2ljL3ByaW1l&redirectURL=L211c2ljL3BsYXllcg&ref_=dm_lnd_pm_pmtr_11f73476 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | Set-Cookie: session-id |
| Other Info | |
| URL | https://www.amazon.com/music/prime/signup?cancelRedirectURL=L211c2ljL3ByaW1l¬NowRedirectURL=L211c2ljL3ByaW1l&redirectURL=L211c2ljL3BsYXllcg&ref_=dm_lnd_pm_pmtr_11f73476 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-Cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/music/prime/signup?cancelRedirectURL=L211c2ljL3ByaW1l¬NowRedirectURL=L211c2ljL3ByaW1l&redirectURL=L211c2ljL3BsYXllcg&ref_=dm_lnd_pm_pmtr_11f73476 |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | Set-Cookie: session-token |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | Set-Cookie: session-id |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-Cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | Set-Cookie: session-token |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | Set-cookie: session-id-time |
| Other Info | |
| URL | https://www.amazon.com/wedding/gift-fund?ref_=wedding_subnav |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | Set-Cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/wedding/gift-fund?ref_=wedding_subnav |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | Set-Cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | Set-Cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | Set-Cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | Set-Cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | Set-Cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | Set-Cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | Set-Cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | Set-Cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | Set-Cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/wedding/shop/top-100?ref_=wedding_subnav |
| Method | GET |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | Set-Cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/wedding/shop/top-100?ref_=wedding_subnav |
| Method | GET |
| Parameter | lc-main |
| Attack | |
| Evidence | Set-Cookie: lc-main |
| Other Info | |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | i18n-prefs |
| Attack | |
| Evidence | set-cookie: i18n-prefs |
| Other Info | |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | lc-main |
| Attack | |
| Evidence | set-cookie: lc-main |
| Other Info | |
| Instances | 204 |
| Solution |
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
|
| Reference | https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html |
| CWE Id | 614 |
| WASC Id | 13 |
| Plugin Id | 10011 |
|
Low |
Cookie with SameSite Attribute None |
|---|---|
| Description |
A cookie has been set with its SameSite attribute set to "none", which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
|
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868345023&opi=89978449 |
| Method | GET |
| Parameter | NID |
| Attack | |
| Evidence | Set-Cookie: NID |
| Other Info | |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | NID |
| Attack | |
| Evidence | Set-Cookie: NID |
| Other Info | |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=fi&st=26775&fid=0&zx=1701868345090&opi=89978449 |
| Method | POST |
| Parameter | NID |
| Attack | |
| Evidence | Set-Cookie: NID |
| Other Info | |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..h&bl=btNu&s=webhp&cdot=25419 |
| Method | POST |
| Parameter | NID |
| Attack | |
| Evidence | Set-Cookie: NID |
| Other Info | |
| Instances | 4 |
| Solution |
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
|
| Reference | https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site |
| CWE Id | 1275 |
| WASC Id | 13 |
| Plugin Id | 10054 |
|
Low |
Cross-Domain JavaScript Source File Inclusion |
|---|---|
| Description |
The page includes one or more script files from a third-party domain.
|
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/G/01/prime/detail_page/JS/en_US/amazonprime_page_fallback_template._CB444124796_.js |
| Attack | |
| Evidence | <script type="text/javascript" src="https://m.media-amazon.com/images/G/01/prime/detail_page/JS/en_US/amazonprime_page_fallback_template._CB444124796_.js" />'); </script> |
| Other Info | |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | https://static.siege-amazon.com/prod/profiles/AuthenticationPortalSigninNA.js |
| Attack | |
| Evidence | <script type="text/javascript" async src="https://static.siege-amazon.com/prod/profiles/AuthenticationPortalSigninNA.js"> </script> |
| Other Info | |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | https://static.siege-amazon.com/prod/profiles/AuthenticationPortalSigninNA.js |
| Attack | |
| Evidence | <script type="text/javascript" async src="https://static.siege-amazon.com/prod/profiles/AuthenticationPortalSigninNA.js"> </script> |
| Other Info | |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | https://static.siege-amazon.com/prod/profiles/AuthenticationPortalSigninNA.js |
| Attack | |
| Evidence | <script type="text/javascript" async src="https://static.siege-amazon.com/prod/profiles/AuthenticationPortalSigninNA.js"> </script> |
| Other Info | |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/117v7jc3KOL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/117v7jc3KOL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/41R8xAdc3jL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/41R8xAdc3jL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/61-6VvUxl1L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/61-6VvUxl1L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81OMQfeCJ-L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81OMQfeCJ-L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/A1eMMTj7OWL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/A1eMMTj7OWL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/01OCq7x-zqL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/01OCq7x-zqL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81PKS4tZYDL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81PKS4tZYDL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/91u7bIjyeiL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/91u7bIjyeiL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/117v7jc3KOL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/117v7jc3KOL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/41R8xAdc3jL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/41R8xAdc3jL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/61-6VvUxl1L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/61-6VvUxl1L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81OMQfeCJ-L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81OMQfeCJ-L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/A1eMMTj7OWL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/A1eMMTj7OWL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/11FTJaZiDIL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/11FTJaZiDIL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/41eBmodscAL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/41eBmodscAL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/61yEvmP9u5L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/61yEvmP9u5L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81nfCEpFWjL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81nfCEpFWjL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/117v7jc3KOL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/117v7jc3KOL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/41R8xAdc3jL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/41R8xAdc3jL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/61-6VvUxl1L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/61-6VvUxl1L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81OMQfeCJ-L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81OMQfeCJ-L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/A1eMMTj7OWL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/A1eMMTj7OWL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/117v7jc3KOL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/117v7jc3KOL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/41R8xAdc3jL.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/41R8xAdc3jL.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/61-6VvUxl1L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/61-6VvUxl1L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | https://m.media-amazon.com/images/I/81OMQfeCJ-L.js |
| Attack | |
| Evidence | <script crossorigin="anonymous" type="text/javascript" src="https://m.media-amazon.com/images/I/81OMQfeCJ-L.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js |
| Attack | |
| Evidence | <script src="https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | https://d3216uwaav9lg7.cloudfront.net/assets-Music.js |
| Attack | |
| Evidence | <script src="https://d3216uwaav9lg7.cloudfront.net/assets-Music.js" type="text/javascript"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js |
| Attack | |
| Evidence | <script src="https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | https://d3216uwaav9lg7.cloudfront.net/assets-Music.js |
| Attack | |
| Evidence | <script src="https://d3216uwaav9lg7.cloudfront.net/assets-Music.js" type="text/javascript"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js |
| Attack | |
| Evidence | <script src="https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | https://d3216uwaav9lg7.cloudfront.net/assets-Music.js |
| Attack | |
| Evidence | <script src="https://d3216uwaav9lg7.cloudfront.net/assets-Music.js" type="text/javascript"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js |
| Attack | |
| Evidence | <script src="https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | https://d3216uwaav9lg7.cloudfront.net/assets-Music.js |
| Attack | |
| Evidence | <script src="https://d3216uwaav9lg7.cloudfront.net/assets-Music.js" type="text/javascript"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js |
| Attack | |
| Evidence | <script src="https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | https://d3216uwaav9lg7.cloudfront.net/assets-Music.js |
| Attack | |
| Evidence | <script src="https://d3216uwaav9lg7.cloudfront.net/assets-Music.js" type="text/javascript"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js |
| Attack | |
| Evidence | <script src="https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | https://d3216uwaav9lg7.cloudfront.net/assets-Music.js |
| Attack | |
| Evidence | <script src="https://d3216uwaav9lg7.cloudfront.net/assets-Music.js" type="text/javascript"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js |
| Attack | |
| Evidence | <script src="https://d2h8zr0m6mus4x.cloudfront.net/primesignup/in/ingress.js"></script> |
| Other Info | |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | https://d3216uwaav9lg7.cloudfront.net/assets-Music.js |
| Attack | |
| Evidence | <script src="https://d3216uwaav9lg7.cloudfront.net/assets-Music.js" type="text/javascript"></script> |
| Other Info | |
| Instances | 92 |
| Solution |
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
|
| Reference | |
| CWE Id | 829 |
| WASC Id | 15 |
| Plugin Id | 10017 |
|
Low |
X-Content-Type-Options Header Missing |
|---|---|
| Description |
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
|
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUI-3c913031596ca78a3768f4e934b1cc02ce238101.secure.min._V1_.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/ClientSideMetricsAUIJavascript-51171fbdd28e1a7a61e922e8f0272af8bc74d37b.secure.variant-desktop-session-snapshot-keypress.min._V2_.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/csm-captcha-instrumentation.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/rd-script-6d68177fa6061598e9509dc4b5bdd08d.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/ue-base-1c399ad9886cab69575e1e5ee15c61a1._V313498596_.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAGE_VISIBILITY |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LANGUAGE_DETECTION |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://optimizationguide-pa.googleapis.com/downloads?name=1698073325&target=OPTIMIZATION_TARGET_CLIENT_SIDE_PHISHING |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://optimizationguide-pa.googleapis.com/downloads?name=1698678108&target=OPTIMIZATION_TARGET_GEOLOCATION_PERMISSION_PREDICTIONS |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://optimizationguide-pa.googleapis.com/downloads?name=1698678199&target=OPTIMIZATION_TARGET_NOTIFICATION_PERMISSION_PREDICTIONS |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/-/en$ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/-/es/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/-/he$ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/-/he/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/-/zh_TW$ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/-/zh_TW/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/132-3165371-6872408?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/145-5865731-3714800?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_5 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_6 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_7 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/?ref_=footer_logo |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin/ref=cart_empty_sign_in?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcart%3Fapp-nav-type%3Dnone%26dc%3Ddf |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dfooter_yo&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_AccountFlyout_orders&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_orders_first&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub%2F |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_psr_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fspr%2Freturns%2Fhomepage%2Fhomepage.html%3Fref_%3Dfooter_hy_f_4 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_subscribe_save_myd_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fauto-deliveries%2Fviewsubscriptions%3Fref_%3Dnav_AccountFlyout_sns |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_wishlist_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=900&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fls&pageId=Amazon |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ASUS-NVIDIA-GeForce-Graphics-DisplayPort/dp/B0BQTVQQP4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0BQTVQQP4&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&ld=AZUSSOA-sell&node=12766669011&ref_=nav_cs_sell |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Bac-Zap-Odor-Eliminator-1_gallon/dp/B007MCJJWE/ref=sr_1_29?keywords=ZAP&qid=1701867726&sr=8-29 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Barbie-DreamHouse-Furniture-Accessories-Wheelchair-Accessible/dp/B08V1R73H9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B08V1R73H9&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Chispee-Finishing-Weaving-Leather-Melting/dp/B0CHK2D5PM/ref=sr_1_36?keywords=ZAP&qid=1701867726&sr=8-36 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Cleansing-Conditioner-Treatment-Sulfur-Greasy/dp/B08WCMNBWC/ref=sr_1_31?keywords=ZAP&qid=1701867726&sr=8-31 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Ding-Zap-Falcones-Emergency-Repair/dp/B0BF7NXYMG/ref=sr_1_41?keywords=ZAP&qid=1701867726&sr=8-41 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/dp/B07984JN3L?ie=UTF-8&plattr=ACOMFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/dp/B088R7QF3J?binding=kindle_edition&qid=1701867726&ref_=dbs_s_aps_series_rwt_tkin&searchxofy=true&sr=8-50 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/dp/e-mail-friend/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/dp/manual-submit/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/dp/product-availability/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/dp/rate-this-item/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/dp/shipping/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/EIOTCLUB-Prepaid-LTE-Cellular-Card/dp/B096X8471C/ref=nta-top-sellers_d_sccl_1_8/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Electric-Mosiller-Rechargeable-Powerful-Mosquitoes/dp/B09Q8W67XQ/ref=sr_1_57?keywords=ZAP&qid=1701867726&sr=8-57 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Electric-Swatter-Racket-Rechargeable-Charging/dp/B08GWRCQKJ/ref=sr_1_55?keywords=ZAP&qid=1701867726&sr=8-55 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Electric-Swatter-Rechargeable-Attractant-Charging/dp/B085DNM6JC/ref=sr_1_6?keywords=ZAP&qid=1701867726&sr=8-6 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Episode-2/dp/B091F259D2/ref=sr_1_47?keywords=ZAP&qid=1701867726&sr=8-47 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2Bw%2BSZ5NKCNicxUMlC%2Bk0dQ%3D%3D&amzn-r=%2Fref%3Dnav_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2F3fuOxEhwt63ufV6T0bxcA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=03tZvbYvlNFf2acq5oHUcQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fwrite-a-review.html%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=08uZdACqvtGgyluS825gmg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0Lihl1baWvhf6TOkXodwsA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0XduUglPDjNSMjsxubrj3Q%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0YOsOdJkoTlrb2JQ0RFSDA%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=1QT5N1E%2BoHYA3uY20Z45Qw%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2%2BTC4M6etm0GUm88X8TuOQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2UjxEKDb5KJ%2F9hQYTEgkuA%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3c9Q%2BP%2FBegFwrtaVnNB7JQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3LujxYM0A0USyG2OFfjV7w%3D%3D&amzn-r=%2Fref%3Dcs_503_link&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3v%2FH%2F%2Fp8hxS87L1CRjIe8g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=4CRscPzyeHD5oPwdd4g72g%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=4L6GAxTLeRFZV1Ql%2F0XDbg%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5PEpbY7VE%2Fx%2BF4QsbQCCsA%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5wtQMuRaMjiNWnLNzrc%2FVQ%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=7fi5ByKad%2BdcvxZljfMzqA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=89kxzNpqpBqZafLdlFX0nQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=8T23TyPKJ9nYw28W4EnfEw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=95jTc%2Fjf17cFyeMo2q5R7g%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=97fM1dyt3h9Jc6nkywTmLA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9AQHcF15x6pT5YUsFxlgBg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9dkyynGR9nYfowg38vfKbQ%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9OGFBL46Q7pNVyNctgZC0w%3D%3D&amzn-r=%2Fhz%2Fmycd%2Fmyx%3FpageType%3Dcontent%26ref_%3Dnav_AccountFlyout_myk&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9Z05sBM3FDHZbxQkWsnZ0Q%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=apEvdI6SD8q8%2Bj6RqXItyg%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BdXJNklVh%2FTo3oUFbCnlxg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BMw1tPBj4bD27JeQvJERag%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=c2HyZR58QutNLD12xni6Nw%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=C7pO3cDUAWU%2FidqGpXFrjg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fiyr%2F%3Fie%3DUTF8%26ref_%3Dsv_ys_3&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=cHeprgreEvleNxcpw6qQ7g%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Czxv0r4fsgCtUApC77nCZA%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=D2GoufXGvut9%2FZMuYkd9sQ%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fauth-redirect%2Fref%3Datv_auth_red_bef%3FreturnUrl%3D%2Fgp%2Fvideo%2Fmystuff%2Fref%253Datv_auth_red_aft&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=DnotI5d00ATvL%2FoB2Njr5w%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub%252F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=E%2FKdDDIE0Gs6JwlreVZSrg%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eJOcfxJSLiZ0gj%2BmnQ4giQ%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eSdz%2BgPr%2BBR7xoxjOIfsSw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ESObOh2M%2BMzmGyC8otRToQ%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=f5ESAwpSkihjQPIl%2Bs9hlA%3D%3D&amzn-r=%2F%3Fref_%3Dfooter_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=FcYso%2F%2BzwFW3yW%2B%2Fwf7JMg%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=fFfU2T%2FD4%2FQzYRxmhnr52g%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Ffm%2BNimpxLDgRmnUlPCD%2FA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ha10fxEJzSh0nMyxhNHj8Q%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=HbRcpcErDWcoTPiIjQDrsw%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=hWVbQrVPP60R%2FMEYDNFUqg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IBfhlLDppwFRNkZKaih9Tw%3D%3D&amzn-r=%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-sell%26node%3D12766669011%26ref_%3Dnav_cs_sell&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ic88goIdY908wj6AsV8uHQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IgYhIcpecxxWcC1CwgCm6w%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IKULlAVXx5%2B3JVfsoGdx7A%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=itO3%2BJP6Ug64elgLVDhWQQ%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=jGyPq5xFSGjtlCbvS8hq8Q%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=L5KXWOaTj0isegvpVanBeg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fhome%2F%3Fie%3DUTF8%26ref_%3Dtopnav_storetab_ys&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=lmOkLtqxprRCC9EF%2FZOFHQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=moJ2W1sEIk5sorRfxeE4jw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=nC%2BIi4ovQgV0mddORPTlFg%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=NprXEQdwV%2BMflR6xPECeGA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=oCXu0M3f0U%2BzmrEAPhaLTQ%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ODTLp74NeoowmDKyrtofhQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=PBV26dQb2Y1INzjq5mIGOg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qJp9aWa6EQ0ORMOoPRQ6RA%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qootGElqNGNfpg%2Bx7sUGqw%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=r6Uog%2FdbGV4fFmxHdfuShg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=RjMI0bt%2BzVNA3JMjMzJg2Q%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=roxXxt79k1e3OYCnTuWDqQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=sM62fbadJtqMKBmZutzqTQ%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=SOJEh0g5GNh3yz21vEi58w%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TWOp0asBI%2FWBWTIkLTtsjA%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UHco0R4f7vMNkEDM0GQbJA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=uppjsyIHBaraQddL4MAISw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Uqe%2Bj44L232HSBHTqi%2FQzA%3D%3D&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UQmQcTwDE1aALXI5YMgUmg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=v74vI2HNtwdsMew0%2BCa4yg%3D%3D&amzn-r=%2Fgp%2Fentity-alert%2Fexternal%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VBA%2FWqJZtFSpIx8jQO%2B2TQ%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VMnQX6Wwf9aoBCz%2FnmLPHg%3D%3D&amzn-r=%2Fref%3Dcs_503_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VpYg%2FzqJm%2BlfCHmQSz%2Bi%2FA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WKtfmT6sXhu4UctX4MQXpw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wmaWYeM7tTV892Nv5IT%2Brw%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WU2u70mTqqsTO3A7Q01gmQ%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wW1ICK07PtAJyLMWPtekow%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=xqei7DKY8jFewDqaI%2BL31g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yGcmbher93sEDsbGY%2BmhpA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yIpcu%2ByTIT%2BGhSDjfI7iNA%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yu6%2FEfW%2FwPCqmg47siCmZw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zeQeO2v0hNNZMPEQzdgpPg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Zl3unZKkp2iFjlOckDEA6Q%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zWHXuJMe95diKgc3YS%2BIAQ%3D%3D&amzn-r=%2Fdp%2FB07984JN3L%3Fie%3DUTF-8%26plattr%3DACOMFO&field-keywords=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/GameXcel-Zapper-Electric-Swatter-Mosquito/dp/B08BP57MMH/ref=sr_1_23?keywords=ZAP&qid=1701867726&sr=8-23 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Giegxin-Natural-Tropical-Hawaiian-Costume/dp/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/GOOTOP-Mosquito-Zapper-Outdoor-Electric/dp/B09PQF39PG/ref=sr_1_38?keywords=ZAP&qid=1701867726&sr=8-38 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/cdp/member-reviews/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/customer-reviews/common/du |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/customer-reviews/dynamic/sims-box |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html?ue_back=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/entity-alert/external?ue_back=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/help/customer/contact-us |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/orc/rml/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/product/e-mail-friend |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/product/product-availability |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/product/rate-this-item |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/socialmedia/giveaways |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/video/mystuff |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/video/settings |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/yourstore/home/?ie=UTF8&ref_=topnav_storetab_ys |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/yourstore/iyr/?ie=UTF8&ref_=sv_ys_3 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/gp/yourstore/recs/get?ue_back=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Herbal-Zap-Instantly-Dissolving-Supplement/dp/B01L4J9O8Y/ref=sr_1_33?keywords=ZAP&qid=1701867726&sr=8-33 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/hz/mycd/myx?pageType=content&ref_=nav_AccountFlyout_myk |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/hz/wishlist/friends/ref_=cm_wl_your_friends |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/hz/wishlist/get?ue_back=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Iron-Flame-Empyrean-Rebecca-Yarros/dp/1649374178/ref=nta-top-sellers_d_sccl_1_5/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Lets-Clean-The-House/dp/B0B8PGK8XW/ref=sr_1_56?keywords=ZAP&qid=1701867726&sr=8-56 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Living-Puppet-9-Inch-Friendly-Monster/dp/B0CJQBMHW1/ref=sr_1_48?keywords=ZAP&qid=1701867726&sr=8-48 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Master-Lock-8417D-Python-Keyed/dp/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Nittaku-3-stars-Premium-Table-Tennis/dp/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Nokia-Unlocked-Hotspot-Assistant-Charcoal/dp/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Outdoor-Cordless-Rechargeable-Mosquito-Equipped/dp/B0BNN13X69/ref=sr_1_43?keywords=ZAP&qid=1701867726&sr=8-43 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Outdoor-High-Power-Mosquito-Waterproof-Backyard/dp/B0BVQWLLT7/ref=sr_1_44?keywords=ZAP&qid=1701867726&sr=8-44 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-CA-Adhesives/dp/B0006O8ECG/ref=sr_1_53?keywords=ZAP&qid=1701867726&sr=8-53 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Single-Adhesives/dp/B00GB0SFT6/ref=sr_1_52?keywords=ZAP&qid=1701867726&sr=8-52 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Z-Poxy-Minute/dp/B00SXJJ4I4/ref=sr_1_60?keywords=ZAP&qid=1701867726&sr=8-60 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Zap-Adhesives/dp/B00SXJJ2QI/ref=sr_1_7?keywords=ZAP&qid=1701867726&sr=8-7 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Pellon-Wrap-N-Zap-Batting-36-Inch-Natural/dp/B01N4B9B6I/ref=sr_1_46?keywords=ZAP&qid=1701867726&sr=8-46 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Phosooy-Electric-Aluminium-Mosquito-Hanging/dp/B08P8MJ4X3/ref=sr_1_59?keywords=ZAP&qid=1701867726&sr=8-59 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/product-reviews/B0069IY63Y |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/product-reviews/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/product-reviews/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/product-reviews/B096X8471C/ref=nta-top-sellers_d_sccl_1_8_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Pure-ZAP-Vitamin-Natural-Verified/dp/B0CLFF5X2N/ref=sr_1_51?keywords=ZAP&qid=1701867726&sr=8-51 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=07BWCF2G9BFS2WAT7DYY&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=07BWCF2G9BFS2WAT7DYY&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=0TSXQG69TABS9N2MN4BS&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=0TSXQG69TABS9N2MN4BS&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1C4QAWK92TFBDKQ68XMC&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1C4QAWK92TFBDKQ68XMC&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1EFYFGZT8YXYSPXN15E5&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1EFYFGZT8YXYSPXN15E5&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1WFHBDDCG810GF5YK07X&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1WFHBDDCG810GF5YK07X&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1Z3VXBPNK2C81GBG4KT6&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=1Z3VXBPNK2C81GBG4KT6&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2843QW1YGK2ADQB0BDWH&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2843QW1YGK2ADQB0BDWH&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=28C41J0X5ATV52HQ161D&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=28C41J0X5ATV52HQ161D&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2G1HC0JMHZH1HK08RT2A&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2G1HC0JMHZH1HK08RT2A&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2HEHNCBP48GNZEM8T8ZT&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2HEHNCBP48GNZEM8T8ZT&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2KSNA3E6CZNB2Y0SYHF7&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2KSNA3E6CZNB2Y0SYHF7&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2M38KZXKCSH2YTCTDW5T&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2M38KZXKCSH2YTCTDW5T&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2QN51WM6363YACC173X2&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2QN51WM6363YACC173X2&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2ZAA9BD0VW676AHVT7RH&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=2ZAA9BD0VW676AHVT7RH&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=3BV9FT1ZXFER89W1RJHY&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=3BV9FT1ZXFER89W1RJHY&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=43D8FKDQZ91QCMAJJ2F6&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=43D8FKDQZ91QCMAJJ2F6&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4AHC6Q7NA500NAKMNT6Y&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4AHC6Q7NA500NAKMNT6Y&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4H73N5T6ZTW7FPW93ABG&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4H73N5T6ZTW7FPW93ABG&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4QQD9QRNB4G6WYQCJWTK&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4QQD9QRNB4G6WYQCJWTK&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4V37TFZ4BS0VAPPHY0HJ&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=4V37TFZ4BS0VAPPHY0HJ&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=57CNZ33807Z2NF10ZF6F&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=57CNZ33807Z2NF10ZF6F&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=5RMFKRFX7A2ZFB2NWQYD&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=5RMFKRFX7A2ZFB2NWQYD&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=6BDT2114JQRFTTBQGRDH&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=6BDT2114JQRFTTBQGRDH&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=6PE92FT3QPKW177SFKDA&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=6PE92FT3QPKW177SFKDA&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7GW14SP04JQH5ABK7QYV&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7GW14SP04JQH5ABK7QYV&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7KQTD5V24NWM6F0Z013X&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7KQTD5V24NWM6F0Z013X&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7P69HHY1REMXVDZ2HJ3J&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7P69HHY1REMXVDZ2HJ3J&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7VW03D6FYN96KHTRYSXQ&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=7VW03D6FYN96KHTRYSXQ&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=88DDJH73759FVXCK962B&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=88DDJH73759FVXCK962B&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=8AWNTQHXXRFRRYW07G95&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=8AWNTQHXXRFRRYW07G95&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=8FVD3S6256SP1JSY6JDZ&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=8FVD3S6256SP1JSY6JDZ&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=8YY49YP1TR5T3V9M5WS9&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=8YY49YP1TR5T3V9M5WS9&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=9AX29VYD3H5SBK7CF99K&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=9AX29VYD3H5SBK7CF99K&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=A4TD8T65MA3AN2GRRG46&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=A4TD8T65MA3AN2GRRG46&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=A91W32PMRE5JJT21GT3F&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=A91W32PMRE5JJT21GT3F&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ADP01PVYNHX665SG5GZ8&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ADP01PVYNHX665SG5GZ8&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=AEVJC6QQ8HD6PNZ0MKGK&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=AEVJC6QQ8HD6PNZ0MKGK&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=AGT0JAK5TBDYNBDQJ39W&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=AGT0JAK5TBDYNBDQJ39W&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=B0B9CXR6S6CNT6450E3X&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=B0B9CXR6S6CNT6450E3X&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=BQFYC9E8TVPX47RAEW8K&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=BQFYC9E8TVPX47RAEW8K&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=BS5SJ8PVE3269A2WVS4Z&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=BS5SJ8PVE3269A2WVS4Z&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=BYWEH3FEAN0MXRW0A2R9&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=BYWEH3FEAN0MXRW0A2R9&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=C50HD6Q541VK4VFESD9T&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=C50HD6Q541VK4VFESD9T&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=CKJSQA0WR4N6JQF3BQC8&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=CKJSQA0WR4N6JQF3BQC8&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=CNFYGVMZS6MD1WF77C0R&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=CNFYGVMZS6MD1WF77C0R&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=CRNHYFDCMGYA1WW18A44&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=CRNHYFDCMGYA1WW18A44&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=D0FEJ28H4AJHCT84SS1G&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=D0FEJ28H4AJHCT84SS1G&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=D0TP68SBY7HDG3MXW48C&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=D0TP68SBY7HDG3MXW48C&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=DMW032KW515C537ZNAVB&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=DMW032KW515C537ZNAVB&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=DQSRAAGYWSQ6Z11PF3T5&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=DQSRAAGYWSQ6Z11PF3T5&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ED5QDDQQC8TMY4AX4CKD&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ED5QDDQQC8TMY4AX4CKD&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=EF7REY7J3CGVWSDGQMBD&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=EF7REY7J3CGVWSDGQMBD&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=EKZMH77N5KH9EMJFS91N&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=EKZMH77N5KH9EMJFS91N&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=F2703RBKPXCGBA963E2F&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=F2703RBKPXCGBA963E2F&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FJ93S7C0CB3V67HS111G&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FJ93S7C0CB3V67HS111G&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FKEC5P2PQENE8H3WWZWV&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FKEC5P2PQENE8H3WWZWV&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FRYHHF0B3Y4WV5Z3P88V&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FRYHHF0B3Y4WV5Z3P88V&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FV0VT2JMA1B9H546470B&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=FV0VT2JMA1B9H546470B&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=GF0YXBRSXKKY8EVM9VW2&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=GF0YXBRSXKKY8EVM9VW2&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=GSV6C79C01MVD6RE6E38&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=GSV6C79C01MVD6RE6E38&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=GVYS3XPQAMEVJRSD6KB6&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=GVYS3XPQAMEVJRSD6KB6&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=H3XW4KDZACDMWY3XMYA1&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=H3XW4KDZACDMWY3XMYA1&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HG3GBHYC8EH0CQCPE3M5&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HG3GBHYC8EH0CQCPE3M5&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HGEM81S0CH0XRD441JF0&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HGEM81S0CH0XRD441JF0&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HMW8T12R252DDRD2PX7Z&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HMW8T12R252DDRD2PX7Z&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HPP1TJSX9F1RRSKEHCJ2&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HPP1TJSX9F1RRSKEHCJ2&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HYSFJFR7B31V19QV0PBT&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=HYSFJFR7B31V19QV0PBT&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=JS17FZBAF6JNZXRBBS03&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=JS17FZBAF6JNZXRBBS03&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=K7Q6WS07R6PS66NNMPB5&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=K7Q6WS07R6PS66NNMPB5&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KAHRR4AF1M5C6ZHNJYNK&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KAHRR4AF1M5C6ZHNJYNK&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KJY7W7FWHMNM0TZC9RWZ&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KJY7W7FWHMNM0TZC9RWZ&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KPYV6TB3JED07RV34N9D&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KPYV6TB3JED07RV34N9D&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KRA1T1Z92P0PE6WWCTV4&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KRA1T1Z92P0PE6WWCTV4&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KTSSXN5Y7FTWMK2169MS&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KTSSXN5Y7FTWMK2169MS&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KVWW9GMJTDCK71F9HMZ9&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KVWW9GMJTDCK71F9HMZ9&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KYYVMS2H9T65HPWHRXD8&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KYYVMS2H9T65HPWHRXD8&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KZ5Z48CAPGPG8VX17QHD&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=KZ5Z48CAPGPG8VX17QHD&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=MJVSJDRB5BGMWNAE4AW9&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=MJVSJDRB5BGMWNAE4AW9&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=MNENB3WDK2Y4H6FJD1CE&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=MNENB3WDK2Y4H6FJD1CE&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=NKCV5ZZSWRSYHJBAGV47&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=NKCV5ZZSWRSYHJBAGV47&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=NWMMCMQKFMDXR85ZKQK4&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=NWMMCMQKFMDXR85ZKQK4&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=P3M0DN7FPSK8A237KGYA&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=P3M0DN7FPSK8A237KGYA&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=P7WR7742GJXS34V08QQF&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=P7WR7742GJXS34V08QQF&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PEVE67BRDBXT5JKJYDWN&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PEVE67BRDBXT5JKJYDWN&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PGS7PWT5NBRKWM4KZNZB&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PGS7PWT5NBRKWM4KZNZB&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PGTVT802A57S10DYE27W&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PGTVT802A57S10DYE27W&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PK06TDEY641SJG7FE64S&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=PK06TDEY641SJG7FE64S&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=Q5G901NQ1MC6Z57DME8P&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=Q5G901NQ1MC6Z57DME8P&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=QCZCS6JSKGRR73D8V15B&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=QCZCS6JSKGRR73D8V15B&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=QQTRCE7CZH7MCKWG1J0C&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=QQTRCE7CZH7MCKWG1J0C&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=QWZRXD92MJDRK92N74C2&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=QWZRXD92MJDRK92N74C2&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=R64GX02ZDJWMRRBX47QA&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=R64GX02ZDJWMRRBX47QA&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=R8XNM7E4NW0CK8W103VM&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=R8XNM7E4NW0CK8W103VM&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=S257MZE0YP0YVBTACJWA&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=S257MZE0YP0YVBTACJWA&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=V8GRNQJEW7S4AXXMR87C&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=V8GRNQJEW7S4AXXMR87C&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=VD1K5XK101T25S4FGHX4&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=VD1K5XK101T25S4FGHX4&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=W6TQDJBMNBB66VHTNH78&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=W6TQDJBMNBB66VHTNH78&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=WCE9CN4FM6BC9SZ3RTEN&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=WCE9CN4FM6BC9SZ3RTEN&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=XM87YZADCS23GKC3SHM6&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=XM87YZADCS23GKC3SHM6&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=Y89KQTWG7TTMZWKA1H1C&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=Y89KQTWG7TTMZWKA1H1C&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=YF4AE1FF6DHZ9A5BHS6W&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=YF4AE1FF6DHZ9A5BHS6W&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=YWHMA1DQEF1CC76WEQPB&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=YWHMA1DQEF1CC76WEQPB&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ZCP1JXMRFEJTR0G849ZG&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ZCP1JXMRFEJTR0G849ZG&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ZTYQNNF8MD0NHQNNC1N2&noscript&pti&pty=Error&spty=PageNotFound |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/rd/uedata?id=ZTYQNNF8MD0NHQNNC1N2&tepes=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ref=cs_500_link |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ref=cs_500_logo |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ref=cs_503_link |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ref=cs_503_logo |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ref=nav_logo |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/reviews/iframe |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/robots.txt |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Seiddons-Christmas-Velvet-Unisex-Clause/dp/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Shark-AV2501S-Self-Empty-Navigation-UltraClean/dp/B09H8CWFNK/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H8CWFNK&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ShiZap-Energized-Stacking-Block-Game/dp/B08HCHDPK2/ref=sr_1_39?keywords=ZAP&qid=1701867726&sr=8-39 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Simply-Calphalon-Nonstick-Cookware-SA10H/dp/B001AS94TY/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B001AS94TY&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery-ebook/dp/B09RC2SQ5K/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/0999820079/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/0999820095/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/B09VLGT12H/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Soundcore-Cancelling-Headphones-Wireless-Bluetooth/dp/B07NM3RSRQ/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0819LK85F&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ss/customer-reviews/lighthouse/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/The-Zip-Zap-No-Small-Parts/dp/B0CBD6M8X5/ref=sr_1_42?keywords=ZAP&qid=1701867726&sr=8-42 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Black-Large-Twin-Zapper/dp/B08GXVGZZZ/ref=sr_1_15?keywords=ZAP&qid=1701867726&sr=8-15 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Blue-Medium-Twin-Zapper/dp/B08GWZ3LVQ/ref=sr_1_24?keywords=ZAP&qid=1701867726&sr=8-24 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Blue-Mini-Twin-Zapper/dp/B08GXB6Y9Z/ref=sr_1_45?keywords=ZAP&qid=1701867726&sr=8-45 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Battery-Mosquito/dp/B07KZ8TXWQ/ref=sr_1_14?keywords=ZAP&qid=1701867726&sr=8-14 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Battery-Mosquito/dp/B07KZQKWVP/ref=sr_1_16?keywords=ZAP&qid=1701867726&sr=8-16 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Rechargeable-Attractant/dp/B085HLLHL1/ref=sr_1_11?keywords=ZAP&qid=1701867726&sr=8-11 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Cloth-Streak-Free-Cloths/dp/B00JOQWPNG/ref=sr_1_54?keywords=ZAP&qid=1701867726&sr=8-54 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Electric-Indoor-Zapper-Mosquito/dp/B088QS5VGJ/ref=sr_1_22?keywords=ZAP&qid=1701867726&sr=8-22 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Electric-Outdoor-Waterproof-Mosquito/dp/B088QSKG8S/ref=sr_1_30?keywords=ZAP&qid=1701867726&sr=8-30 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Formaldehyde-Brazilian-Treatment-Progressive/dp/B0BL437FFW/ref=sr_1_32?keywords=ZAP&qid=1701867726&sr=8-32 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Justin-J-Wheeler/dp/B085K7PHB3/ref=sr_1_58?keywords=ZAP&qid=1701867726&sr=8-58 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Kara-Camden/dp/B01DUIN9TC/ref=sr_1_12?keywords=ZAP&qid=1701867726&sr=8-12 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Martha-Freeman-ebook/dp/B074ZN2L3N/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Martha-Freeman/dp/1534405577/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Martha-Freeman/dp/1534405585/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Play-Paul-Fleischman-ebook/dp/B011S7489W/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Play-Paul-Fleischman/dp/0763627747/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Play-Revised-Paul-Fleischman/dp/0763680133/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Progressive-Brush-Long-lasting-Straightening/dp/B07SSHX3BM/ref=sr_1_8?keywords=ZAP&qid=1701867726&sr=8-8 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/ZAP-Zapper-Large-Twin-Pack/dp/B07GN4JZL8/ref=sr_1_10?keywords=ZAP&qid=1701867726&sr=8-10 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zap-Zapper-Racket-4000V-Rechargeable/dp/B06WW6831F/ref=sr_1_5?keywords=ZAP&qid=1701867726&sr=8-5 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zapped-Zendaya/dp/B00MKKCVGO/ref=sr_1_34?keywords=ZAP&qid=1701867726&sr=8-34 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zezo-Fiber-Zap-Cloth-10-Cloths/dp/B01CH150VS/ref=sr_1_9?keywords=ZAP&qid=1701867726&sr=8-9 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.amazon.com/Zipi-Zape-Isla-del-Capit%C3%A1n/dp/B09ZKMWZ25/ref=sr_1_37?keywords=ZAP&qid=1701867726&sr=8-37 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| Instances | 608 |
| Solution |
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.
If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
|
| Reference |
http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10021 |
|
Informational |
Cookie Poisoning |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.
|
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | clientContext |
| Attack | |
| Evidence | |
| Other Info | An attacker may be able to poison cookie values through URL parameters. Try injecting a semicolon to see if you can add cookie values (e.g. name=controlledValue;name=anotherValue;). This was identified at: https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage User-input was found in the following cookie: ubid-main=134-9805331-2128027; Domain=.amazon.com; Expires=Thu, 05-Dec-2024 13:02:23 GMT; Path=/; Secure The user input was: clientContext=134-9805331-2128027 |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | language |
| Attack | |
| Evidence | |
| Other Info | An attacker may be able to poison cookie values through URL parameters. Try injecting a semicolon to see if you can add cookie values (e.g. name=controlledValue;name=anotherValue;). This was identified at: https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 User-input was found in the following cookie: lc-main=en_US; Domain=.amazon.com; Expires=Thu, 05-Dec-2024 13:02:15 GMT; Path=/; Secure The user input was: language=en_US |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | uxe |
| Attack | |
| Evidence | |
| Other Info | An attacker may be able to poison cookie values through POST parameters. To test if this is a more serious issue, you should try resending that request as a GET, with the POST parameter included as a query string parameter. For example: http://nottrusted.com/page?value=maliciousInput. This was identified at: https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true User-input was found in the following cookie: NID=511=WRXNjR8uYqa33LiFFztn5VvA8uFq6llIzNmzsIHshZyMnC6rI4uryxQTfbydYI2_B83aICvQ_PV-9OK6NRh3YmQHQBmmyIytc8nn9mvxGgPw-TcdVs8B2GkaXgPPNGs7turDQw6UcILfRE2SiBNIiORsklWS3BzDBUzP7YRBQItERz3IcBJIyaGL6vNU; expires=Sun, 05-Jan-2025 05:30:18 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none The user input was: uxe=none |
| Instances | 3 |
| Solution |
Do not allow user input to control cookie names and values. If some query string parameters must be set in cookie values, be sure to filter out semicolon's that can serve as name/value pair delimiters.
|
| Reference | http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-cookie |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10029 |
|
Informational |
Information Disclosure - Sensitive Information in URL |
|---|---|
| Description |
The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
|
| URL | https://www.amazon.com/kindle-dbs/ku2?passThroughAsin=B09RC2SQ5K&ref_=mbs_ku_lp |
| Method | GET |
| Parameter | passThroughAsin |
| Attack | |
| Evidence | passThroughAsin |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: pass passThroughAsin |
| URL | https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-BG&authuser=0&psi=9nNwZbv_G7KGxc8PguiX8Aw.1701868534315&dpr=2.25&nolsbt=1 |
| Method | GET |
| Parameter | authuser |
| Attack | |
| Evidence | authuser |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user authuser |
| URL | https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-BG&authuser=0&psi=enNwZb-BAf6Hxc8Puve3uAM.1701868409775&dpr=2.25&nolsbt=1 |
| Method | GET |
| Parameter | authuser |
| Attack | |
| Evidence | authuser |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user authuser |
| URL | https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-BG&authuser=0&psi=IHNwZfq3KfaSxc8P3rOK6A8.1701868320335&dpr=2.25&nolsbt=1 |
| Method | GET |
| Parameter | authuser |
| Attack | |
| Evidence | authuser |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user authuser |
| URL | https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-BG&authuser=0&psi=OXRwZaGRF5mTxc8P9LOdoAQ.1701868601291&dpr=2.25&nolsbt=1 |
| Method | GET |
| Parameter | authuser |
| Attack | |
| Evidence | authuser |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: user authuser |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&im=M&pv=0.4899438790134052&me=10:1701868340931,V,0,0,0,0:4022,V,0,0,826,757:72,h,1,1,i:959,G,1,1,682,590:232,h,1,1,o:6576,h,1,1,i:2592,h,1,1,o:5824,e,U&zx=1701868361208&opi=89978449 |
| Method | POST |
| Parameter | pv |
| Attack | |
| Evidence | 0.4899438790134052 |
| Other Info | The URL appears to contain credit card information. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&m=HV&pv=0.4899438790134052&me=1:1701868319672,V,0,0,826,757:0,B,757:0,N,1,IHNwZfq3KfaSxc8P3rOK6A8:0,R,1,1,0,0,826,757:1398,x:6814,e,B&zx=1701868327885&opi=89978449 |
| Method | POST |
| Parameter | pv |
| Attack | |
| Evidence | 0.4899438790134052 |
| Other Info | The URL appears to contain credit card information. |
| URL | https://www.google.com/gen_204?atyp=i&ei=IHNwZfq3KfaSxc8P3rOK6A8&ct=slh&v=t1&pv=0.4899438790134052&me=7:1701868327885,V,0,0,0,0:10232,V,0,0,826,757:2813,e,B&zx=1701868340930&opi=89978449 |
| Method | POST |
| Parameter | pv |
| Attack | |
| Evidence | 0.4899438790134052 |
| Other Info | The URL appears to contain credit card information. |
| Instances | 8 |
| Solution |
Do not pass sensitive information in URIs.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10024 |
|
Informational |
Information Disclosure - Suspicious Comments |
|---|---|
| Description |
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
|
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 7 times, the first in the element starting with: "wi);wi.prototype.ca=wi.prototype.H;wi.prototype.cb=wi.prototype.Sa;wi.prototype.cc=wi.prototype.Ja;wi.prototype.cd=wi.prototype.", see evidence field for the suspicious comment/snippet. |
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 7 times, the first in the element starting with: "typeof d.get)for(const f of d.keys())c.set(f,d.get(f));else throw Error("fa`"+String(d));d=Array.from(c.keys()).find(f=>"content", see evidence field for the suspicious comment/snippet. |
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | SELECT |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "Gh=function(a){var b;if((b="A"==a.tagName&&a.hasAttribute("href")||"INPUT"==a.tagName||"TEXTAREA"==a.tagName||"SELECT"==a.tagNam", see evidence field for the suspicious comment/snippet. |
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "eu=function(a,b,c){const d=b.ae(),e=b.getMetadata();var f=a.o&&!1;f=a.i||f?new _.Ml(new Yt({oh:a.i,hh:f})):new _.Ml;c+=d.getName", see evidence field for the suspicious comment/snippet. |
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "var uB=function(a){const b=c=>encodeURIComponent(c).replace(/[!()~']|(%20)/g,d=>({"!":"%21","(":"%28",")":"%29","%20":"+","'":"%", see evidence field for the suspicious comment/snippet. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Db |
| Other Info | The following pattern was used: \bDB\b and was detected 4 times, the first in the element starting with: "_.ub=function(a){var b=arguments.length;if(1==b&&Array.isArray(arguments[0]))return _.ub.apply(null,arguments[0]);for(var c={},d", see evidence field for the suspicious comment/snippet. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "var Sg=function(){this.Pg=window.console};Sg.prototype.log=function(a){this.Pg&&this.Pg.log&&this.Pg.log(a)};Sg.prototype.error=", see evidence field for the suspicious comment/snippet. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "pa("Array.from",function(a){return a?a:function(b,c,d){c=null!=c?c:function(k){return k};var e=[],f="undefined"!=typeof Symbol&&", see evidence field for the suspicious comment/snippet. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected 6 times, the first in the element starting with: "(a[2]&&d?"/":"")));d=function(e){return c(e.replace(/\?/g,"%3F").replace(/#/g,"%23"))};b.query=a[5]?[d(a[5])]:[];b.jj=a[7]?[d(a[", see evidence field for the suspicious comment/snippet. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | SELECT |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "var He=function(a){return{valueOf:a}.valueOf()},Je=function(a){return new _.Ie(function(b){return b.substr(0,a.length+1).toLower", see evidence field for the suspicious comment/snippet. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | where |
| Other Info | The following pattern was used: \bWHERE\b and was detected 3 times, the first in the element starting with: "_.g.Jp=function(a){this.T.context=a};var io=function(a,b){a.T._rpcReadyFn=b};eo.prototype.getIframeEl=function(){return this.T.i", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: "<script> (function(d,k,Q,F){function v(a){x&&x.tag&&x.tag(l(":","aui",a))}function n(a,b){x&&x.count&&x.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> window.ue_ibe = (window.ue_ibe || 0) + 1; if (window.ue_ibe === 1) { (function(e,c){function h(b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(c,g,S,H){function x(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(c,g,S,H){function x(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace("DetailPageMerchByAmazonBrandingViewConfig"));if(_np.g", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace(""));if(_np.guardFatal){_np.guardFatal(f)(_np);}else{f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: "<script type="a-state" data-a-state="{"key":"ShareWidgetParams"}">{"image":"https://m.media-amazon.com/image", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> P.when('jQuery').register('count-down-controller-v2', function($) { function countDown() { var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> window.Gfhz = { pageContext: { deviceType: "desktop", marketplaceId: "ATVPDKIKX0DER", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace("CartInlineFullServerSetting"));if(_np.guardFatal){_np", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script> (function() { 'use strict'; window.Globals = window.Globals || {}; // The ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/rentallist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script> (function(d,g,R,H){function x(a){y&&y.tag&&y.tag(m(":","aui",a))}function p(a,b){y&&y.count&&y.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 4 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DEBUG |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script>!function(){function n(n,t){var r=i(n);return t&&(r=r("instance",t)),r}var r=[],c=0,i=function(t){return function(){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> ue_csm.ue_unrt = 1500; (function(d,b,t){function u(a,g){var c=a.srcElement||a.target||{},b={k:v,", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">var now = function() { return (Date.now ? Date.now() : new Date().getTime()); }; var throttle = f", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(c,g,S,H){function x(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace("DetailPageMerchByAmazonBrandingViewConfig"));if(_np.g", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Bug |
| Other Info | The following pattern was used: \bBUG\b and was detected 3 times, the first in the element starting with: "<script type="a-state" data-a-state="{"key":"turbo-checkout-page-state"}">{"turboWeblab":"RCX_CHECKOUT_TURBO", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | DB |
| Other Info | The following pattern was used: \bDB\b and was detected in the element starting with: "<script class='json-content' type='application/json'>{"encryptedLazyLoadRenderRequest":"AAAAAAAAAADu7Sel50pT72MiNHrbi3/ORyEAAAAA", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(c,g,S,H){function x(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace("DetailPageMerchByAmazonBrandingViewConfig"));if(_np.g", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 3 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "<script nonce="1SaufpWaIgLs8PkE9_Zz1w">(function(){window.google.erd={jsr:1,bv:1915,sd:true,de:true};})();(function(){var sdo=fa", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "<script nonce="7zd6r0TDQUIvsSBF2MeQ5w">(function(){window.google.erd={jsr:1,bv:1915,sd:true,de:true};})();(function(){var sdo=fa", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "<script nonce="aPzJ0gh9RXJmrJkeLUH1Ig">(function(){window.google.erd={jsr:1,bv:1915,sd:true,de:true};})();(function(){var sdo=fa", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "<script nonce="ve1l1k6TFoG5YjsOBmyYPg">(function(){window.google.erd={jsr:1,bv:1915,sd:true,de:true};})();(function(){var sdo=fa", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script nonce="1SaufpWaIgLs8PkE9_Zz1w">(function(){var d=google.c.sxs;(function(){var e=Date.now(),a=d?"load2":"load";if(google.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script nonce="7zd6r0TDQUIvsSBF2MeQ5w">(function(){var d=google.c.sxs;(function(){var e=Date.now(),a=d?"load2":"load";if(google.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script nonce="aPzJ0gh9RXJmrJkeLUH1Ig">(function(){var d=google.c.sxs;(function(){var e=Date.now(),a=d?"load2":"load";if(google.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script nonce="ve1l1k6TFoG5YjsOBmyYPg">(function(){var d=google.c.sxs;(function(){var e=Date.now(),a=d?"load2":"load";if(google.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEJVgaePY-G0flEHorwhfOA77v9Mw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433544 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 25 times, the first in the element starting with: "_.db=function(a){if("number"!==typeof a)throw zca("int32");if(!Number.isFinite(a))throw zca("int32");return a|0};Ica=function(a)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEJVgaePY-G0flEHorwhfOA77v9Mw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433544 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "_.Ce.set("debug.apply-debug-flags",_.Vn("CgIzTb"));_.Ce.set("debug.refresh-path-quality-metric",_.Vn("U8qUPd"));_.Ce.set("debug.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEJVgaePY-G0flEHorwhfOA77v9Mw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433544 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 40 times, the first in the element starting with: "Xha=function(a){var b=new Set;if(a.stack){a=a.stack.toString().matchAll(/https:\/\/[^:]+/g);a=_.Ma(a);for(var c=a.next();!c.done", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEJVgaePY-G0flEHorwhfOA77v9Mw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433544 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected 8 times, the first in the element starting with: "gDa=google.jl&&google.jl.injt?google.jl.injt:0;hDa=google.jl&&google.jl.injth?google.jl.injth:0;iDa=!(!google.jl||!google.jl.inj", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEJVgaePY-G0flEHorwhfOA77v9Mw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433544 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | SELECT |
| Other Info | The following pattern was used: \bSELECT\b and was detected 17 times, the first in the element starting with: "_.Dl=function(a){var b;if((b="A"==a.tagName&&a.hasAttribute("href")||"INPUT"==a.tagName||"TEXTAREA"==a.tagName||"SELECT"==a.tagN", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEJVgaePY-G0flEHorwhfOA77v9Mw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433544 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "a.message||"The request is not allowed by the user agent or the platform in the current context, possibly because the user denie", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEJVgaePY-G0flEHorwhfOA77v9Mw/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433544 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "_.Hc=function(a,b){var c=this;b=void 0===b?{}:b;var d=void 0===b.vmb?_.YAa:b.vmb;a=""===a?[]:_.Rl(a);b=a[1]||"";this.protocol=b+", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEmTEiQXYeJZgGl2a8_tkqFEQ55jA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 25 times, the first in the element starting with: "_.db=function(a){if("number"!==typeof a)throw zca("int32");if(!Number.isFinite(a))throw zca("int32");return a|0};Ica=function(a)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEmTEiQXYeJZgGl2a8_tkqFEQ55jA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "_.Ce.set("debug.apply-debug-flags",_.Vn("CgIzTb"));_.Ce.set("debug.refresh-path-quality-metric",_.Vn("U8qUPd"));_.Ce.set("debug.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEmTEiQXYeJZgGl2a8_tkqFEQ55jA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 40 times, the first in the element starting with: "Xha=function(a){var b=new Set;if(a.stack){a=a.stack.toString().matchAll(/https:\/\/[^:]+/g);a=_.Ma(a);for(var c=a.next();!c.done", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEmTEiQXYeJZgGl2a8_tkqFEQ55jA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected 8 times, the first in the element starting with: "gDa=google.jl&&google.jl.injt?google.jl.injt:0;hDa=google.jl&&google.jl.injth?google.jl.injth:0;iDa=!(!google.jl||!google.jl.inj", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEmTEiQXYeJZgGl2a8_tkqFEQ55jA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | SELECT |
| Other Info | The following pattern was used: \bSELECT\b and was detected 17 times, the first in the element starting with: "_.Dl=function(a){var b;if((b="A"==a.tagName&&a.hasAttribute("href")||"INPUT"==a.tagName||"TEXTAREA"==a.tagName||"SELECT"==a.tagN", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEmTEiQXYeJZgGl2a8_tkqFEQ55jA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "a.message||"The request is not allowed by the user agent or the platform in the current context, possibly because the user denie", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oEmTEiQXYeJZgGl2a8_tkqFEQ55jA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "_.Hc=function(a,b){var c=this;b=void 0===b?{}:b;var d=void 0===b.vmb?_.YAa:b.vmb;a=""===a?[]:_.Rl(a);b=a[1]||"";this.protocol=b+", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oFMCJBBv8dMvIFzUVNfku5jsjMygA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 25 times, the first in the element starting with: "_.db=function(a){if("number"!==typeof a)throw zca("int32");if(!Number.isFinite(a))throw zca("int32");return a|0};Ica=function(a)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oFMCJBBv8dMvIFzUVNfku5jsjMygA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "_.Ce.set("debug.apply-debug-flags",_.Vn("CgIzTb"));_.Ce.set("debug.refresh-path-quality-metric",_.Vn("U8qUPd"));_.Ce.set("debug.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oFMCJBBv8dMvIFzUVNfku5jsjMygA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 40 times, the first in the element starting with: "Xha=function(a){var b=new Set;if(a.stack){a=a.stack.toString().matchAll(/https:\/\/[^:]+/g);a=_.Ma(a);for(var c=a.next();!c.done", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oFMCJBBv8dMvIFzUVNfku5jsjMygA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected 8 times, the first in the element starting with: "gDa=google.jl&&google.jl.injt?google.jl.injt:0;hDa=google.jl&&google.jl.injth?google.jl.injth:0;iDa=!(!google.jl||!google.jl.inj", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oFMCJBBv8dMvIFzUVNfku5jsjMygA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | SELECT |
| Other Info | The following pattern was used: \bSELECT\b and was detected 17 times, the first in the element starting with: "_.Dl=function(a){var b;if((b="A"==a.tagName&&a.hasAttribute("href")||"INPUT"==a.tagName||"TEXTAREA"==a.tagName||"SELECT"==a.tagN", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oFMCJBBv8dMvIFzUVNfku5jsjMygA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "a.message||"The request is not allowed by the user agent or the platform in the current context, possibly because the user denie", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/ed=1/dg=2/br=1/rs=ACT90oFMCJBBv8dMvIFzUVNfku5jsjMygA/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "_.Hc=function(a,b){var c=this;b=void 0===b?{}:b;var d=void 0===b.vmb?_.YAa:b.vmb;a=""===a?[]:_.Rl(a);b=a[1]||"";this.protocol=b+", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/ed=1/dg=2/br=1/rs=ACT90oGNGUB9sNkl5kGnbtQ_H5ePLinFTg/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433548 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 25 times, the first in the element starting with: "_.db=function(a){if("number"!==typeof a)throw zca("int32");if(!Number.isFinite(a))throw zca("int32");return a|0};Ica=function(a)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/ed=1/dg=2/br=1/rs=ACT90oGNGUB9sNkl5kGnbtQ_H5ePLinFTg/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433548 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "_.Ce.set("debug.apply-debug-flags",_.Vn("CgIzTb"));_.Ce.set("debug.refresh-path-quality-metric",_.Vn("U8qUPd"));_.Ce.set("debug.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/ed=1/dg=2/br=1/rs=ACT90oGNGUB9sNkl5kGnbtQ_H5ePLinFTg/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433548 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 42 times, the first in the element starting with: "Xha=function(a){var b=new Set;if(a.stack){a=a.stack.toString().matchAll(/https:\/\/[^:]+/g);a=_.Ma(a);for(var c=a.next();!c.done", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/ed=1/dg=2/br=1/rs=ACT90oGNGUB9sNkl5kGnbtQ_H5ePLinFTg/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433548 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected 8 times, the first in the element starting with: "gDa=google.jl&&google.jl.injt?google.jl.injt:0;hDa=google.jl&&google.jl.injth?google.jl.injth:0;iDa=!(!google.jl||!google.jl.inj", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/ed=1/dg=2/br=1/rs=ACT90oGNGUB9sNkl5kGnbtQ_H5ePLinFTg/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433548 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | SELECT |
| Other Info | The following pattern was used: \bSELECT\b and was detected 17 times, the first in the element starting with: "_.Dl=function(a){var b;if((b="A"==a.tagName&&a.hasAttribute("href")||"INPUT"==a.tagName||"TEXTAREA"==a.tagName||"SELECT"==a.tagN", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/ed=1/dg=2/br=1/rs=ACT90oGNGUB9sNkl5kGnbtQ_H5ePLinFTg/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433548 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "a.message||"The request is not allowed by the user agent or the platform in the current context, possibly because the user denie", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/ed=1/dg=2/br=1/rs=ACT90oGNGUB9sNkl5kGnbtQ_H5ePLinFTg/ee=cEt90b:ws9Tlc;qddgKe:x4FYXe,d7YSfd;yxTchf:KUM7Z;dtl0hd:lLQWFe;eHDfl:ofjVkb;qaS3gd:yiLg6e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;iFQyKf:vfuNJf,QIhFr;SNUn3:ZwDk9d,x8cHvb;io8t5d:sgY6Zb;Oj465e:KG2eXe,KG2eXe;Erl4fe:FloWmf,FloWmf;JsbNhc:Xd8iUd;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;uY49fb:COQbmf;Pjplud:PoEs9b,EEDORb;QGR0gd:Mlhmy;a56pNe:JEfCwb;Me32dd:MEeYgc;wR5FRb:TtcOte,O1Gjze;pXdRYb:JKoKVe;dIoSBb:ZgGg9b;EmZ2Bf:zr1jrb;NSEoX:lazG7b;eBAeSb:Ck63tb;WCEKNd:I46Hvd;wV5Pjc:L8KGxe;EVNhjf:pw70Gc;sTsDMc:kHVSUb;wQlYve:aLUfP;zOsCQe:Ko78Df;KcokUb:KiuZBf;kbAm9d:MkHyGd;g8nkx:U4MzKc;YV5bee:IvPZ6d;pNsl2d:j9Yuyc;BjwMce:cXX2Wb;KpRAue:Tia57b;jY0zg:Q6tNgc;aZ61od:arTwJ;yGxLoc:FmAr0c;vfVwPd:lcrkwe;NPKaK:SdcwHb;LBgRLc:XVMNvd,SdcwHb;UyG7Kb:wQd0G;LsNahb:ucGLNb;w9w86d:dt4g2b;coJ8e:KvoW8;oSUNyd:fTfGO,fTfGO,pnvXVc;SMDL4c:fTfGO,pnvXVc;lzgfYb:PI40bd;qZx2Fc:j0xrE;IoGlCf:b5lhvb;w4rSdf:XKiZ9;h3MYod:cEt90b;eO3lse:nFClrf;zaIgPb:Qtpxbd;HMDDWe:G8QUdb;ShpF6e:N0pvGc;k2Qxcb:XY51pe;IBADCc:RYquRb;pKJiXd:VCenhc;rQSrae:C6D5Fc;kCQyJ:ueyPK;EABSZ:MXZt9d;qavrXe:zQzcXe;TxfV6d:YORN0b;UDrY1c:eps46d;F9mqte:UoRcbe;GleZL:J1A7Od;Nyt6ic:jn2sGd;JXS8fb:Qj0suc;w3bZCb:ZPGaIb;VGRfx:VFqbr;G0KhTb:LIaoZ;XUezZ:sa7lqb;aAJE9c:WHW6Ef;V2HTTe:RolTY;Wfmdue:g3MJlb;imqimf:jKGL2e;BgS6mb:fidj5d;gtVSi:ekUOYd;KQzWid:ZMKkN;UVmjEd:EesRsb;z97YGf:oug9te;AfeaP:TkrAjf;eBZ5Nd:audvde;CxXAWb:YyRLvc;VN6jIc:ddQyuf;OgagBe:cNTe0;SLtqO:Kh1xYe;tosKvd:ZCqP3;VOcgDe:YquhTb;uuQkY:u2V3ud;WDGyFe:jcVOxd;trZL0b:qY8PFe;VxQ32b:k0XsBb;DULqB:RKfG5c;Np8Qkd:Dpx6qc;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;xBbsrc:NEW1Qc;DpcR3d:zL72xf;hjRo6e:F62sG;pj82le:mg5CW;dLlj2:Qqt3Gf;oUlnpc:RagDlc;Q1Ow7b:x5CSu;bFZ6gf:RsDQqe;ESrPQc:mNTJvc;R9Ulx:CR7Ufe;KOxcK:bFOvTc;G6wU6e:hezEbd;VsAqSb:PGf2Re;okUaUd:wItadb;ZWEUA:afR4Cf;U96pRd:FsR04;heHB1:sFczq;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;BMxAGc:E5bFse;R4IIIb:QWfeKf;whEZac:F4AmNb;tH4IIe:Ymry6;lkq0A:JyBE3e;daB6be:lMxGPd;LEikZe:byfTOb,lsjVmc/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl?cb=72433548 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "_.Hc=function(a,b){var c=this;b=void 0===b?{}:b;var d=void 0===b.vmb?_.YAa:b.vmb;a=""===a?[]:_.Rl(a);b=a[1]||"";this.protocol=b+", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oExGMWSwJZ5hlih1q0pMg8V5q7_nw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433544&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 5 times, the first in the element starting with: "var TTb=function(a,b){_.Ux.Qi=b.ei;var c=new qTb;c.oa=!!b.du;c.ka=!!b.dv;c.Ca=!!b.db;var d=Number(b.mmcnt);isFinite(d)&&(c.ta=d)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oExGMWSwJZ5hlih1q0pMg8V5q7_nw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433544&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 21 times, the first in the element starting with: "b+"): "+OHh(a,c)+(d?" "+d:"")})},QHh=function(a,b){a.info(function(){return"TIMEOUT: "+b})};LHh.prototype.debug=function(){};LHh", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oExGMWSwJZ5hlih1q0pMg8V5q7_nw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433544&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 12 times, the first in the element starting with: "_F_installCss(".jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:in", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgEEBU4BkFANBEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oExGMWSwJZ5hlih1q0pMg8V5q7_nw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433544&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "ow.set("searchResultSelect",_.Vn("aFgeo"));ow.set("seating_class_selected",_.Vn("VTonCc"));ow.set("see_full_definition",_.Vn("Le", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFaF6WDhb9sRF746o8vSZG_fgCsAw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 5 times, the first in the element starting with: "var TTb=function(a,b){_.Ux.Qi=b.ei;var c=new qTb;c.oa=!!b.du;c.ka=!!b.dv;c.Ca=!!b.db;var d=Number(b.mmcnt);isFinite(d)&&(c.ta=d)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFaF6WDhb9sRF746o8vSZG_fgCsAw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 21 times, the first in the element starting with: "b+"): "+OHh(a,c)+(d?" "+d:"")})},QHh=function(a,b){a.info(function(){return"TIMEOUT: "+b})};LHh.prototype.debug=function(){};LHh", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFaF6WDhb9sRF746o8vSZG_fgCsAw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 12 times, the first in the element starting with: "_F_installCss(".jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:in", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oFaF6WDhb9sRF746o8vSZG_fgCsAw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "ow.set("searchResultSelect",_.Vn("aFgeo"));ow.set("seating_class_selected",_.Vn("VTonCc"));ow.set("see_full_definition",_.Vn("Le", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oGTv4maRz6kJKV9z1fTfSIWZDzcxg/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 5 times, the first in the element starting with: "var TTb=function(a,b){_.Ux.Qi=b.ei;var c=new qTb;c.oa=!!b.du;c.ka=!!b.dv;c.Ca=!!b.db;var d=Number(b.mmcnt);isFinite(d)&&(c.ta=d)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oGTv4maRz6kJKV9z1fTfSIWZDzcxg/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 21 times, the first in the element starting with: "b+"): "+OHh(a,c)+(d?" "+d:"")})},QHh=function(a,b){a.info(function(){return"TIMEOUT: "+b})};LHh.prototype.debug=function(){};LHh", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oGTv4maRz6kJKV9z1fTfSIWZDzcxg/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 12 times, the first in the element starting with: "_F_installCss(".jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:in", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAAAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQCABwQAANABAAAgoBHAAISAEhAAAACAPAAEBwCDCAIAAAAAAAAAAAAQwATB4IIEQEEAAQAAAAAAAAAAAEBKmlwMJA/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oGTv4maRz6kJKV9z1fTfSIWZDzcxg/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "ow.set("searchResultSelect",_.Vn("aFgeo"));ow.set("seating_class_selected",_.Vn("VTonCc"));ow.set("see_full_definition",_.Vn("Le", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oHSInv_h1FKHQ6rTHtUzOuVvNaDrQ/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433548&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 5 times, the first in the element starting with: "var TTb=function(a,b){_.Ux.Qi=b.ei;var c=new qTb;c.oa=!!b.du;c.ka=!!b.dv;c.Ca=!!b.db;var d=Number(b.mmcnt);isFinite(d)&&(c.ta=d)", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oHSInv_h1FKHQ6rTHtUzOuVvNaDrQ/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433548&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 21 times, the first in the element starting with: "b+"): "+OHh(a,c)+(d?" "+d:"")})},QHh=function(a,b){a.info(function(){return"TIMEOUT: "+b})};LHh.prototype.debug=function(){};LHh", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oHSInv_h1FKHQ6rTHtUzOuVvNaDrQ/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433548&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 12 times, the first in the element starting with: "_F_installCss(".jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:in", see evidence field for the suspicious comment/snippet. |
| URL | https://www.google.com/xjs/_/js/k=xjs.hd.en.XZqIZ5oTr0A.O/ck=xjs.hd.NT53HHdsy6U.L.W.O/am=AAAAAAAAAAAAAAAAAAAAACAAAAAAgKiBcAhgAwQABAcAAwQAAQAEiCAKAQxAgYCHsgEAAJgAgSVgUUBU4BkFANAEVAEAAAAAAAgGEQAAAAQAANABAAAgoBHAAISAEhAAAACAPAAEBxCDCAIAAAAAAAAAAAAQwATB4IL0WEEAAQAAAAAAAAAAAEBKmlwMJAAABg/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=2/br=1/ujg=1/rs=ACT90oHSInv_h1FKHQ6rTHtUzOuVvNaDrQ/ee=AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;IBADCc:RYquRb;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KOxcK:bFOvTc;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;QGR0gd:Mlhmy;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;SLtqO:Kh1xYe;SMDL4c:fTfGO,pnvXVc;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,pnvXVc;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,ms4mZb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?cb=72433548&xjs=s1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "ow.set("searchResultSelect",_.Vn("aFgeo"));ow.set("seating_class_selected",_.Vn("VTonCc"));ow.set("see_full_definition",_.Vn("Le", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function w(a){z&&z.tag&&z.tag(l(":","aui",a))}function p(a,b){z&&z.count&&z.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "<script type="text/javascript">(function(f) {var _np=(window.P._namespace("CartInlineFullServerSetting"));if(_np.guardFatal){_np", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected 3 times, the first in the element starting with: "<script> (function(d,f,R,H){function x(a){A&&A.tag&&A.tag(k(":","aui",a))}function n(a,b){A&&A.count&&A.count("aui:"+a,0===b?0:b", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> <!-- window.$Nav && $Nav.when("data").run(function(data) { data({"freshTimeout":{"t", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected in the element starting with: "<script type='text/javascript'> (function() { var viewportWidth = function() { return window.innerWidth || document.", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: "<!-- Append onload function to stretch image on load to avoid flicker when transitioning from low res image from Mason to large ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: "<!-- Append onload function to stretch image on load to avoid flicker when transitioning from low res image from Mason to large ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 3 times, the first in the element starting with: "<!-- Append onload function to stretch image on load to avoid flicker when transitioning from low res image from Mason to large ", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<!--used to resolve fatals from AmazonHttpSession, see https://sage.amazon.com/posts/286150 -->", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<!--used to resolve fatals from AmazonHttpSession, see https://sage.amazon.com/posts/286150 -->", see evidence field for the suspicious comment/snippet. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: "<!-- Append onload function to stretch image on load to avoid flicker when transitioning from low res image from Mason to large ", see evidence field for the suspicious comment/snippet. |
| Instances | 927 |
| Solution |
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10027 |
|
Informational |
Loosely Scoped Cookie |
|---|---|
| Description |
Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.
|
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587740l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587738l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587768l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587771l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587770l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587769l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587744l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587767l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2332587737l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587743l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587735l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 lc-main=en_US |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587736l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587750l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587731l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587738l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587738l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587741l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587743l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587768l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587770l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587768l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587732l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587735l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587748l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587748l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ap-fid="" session-id=147-4280155-9611859 session-id-time=2332587748l ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/exec/obidos/account-access-login |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/exec/obidos/change-style |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=132-3165371-6872408 |
| URL | https://www.amazon.com/exec/obidos/flex-sign-in |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=130-7402554-6248927 |
| URL | https://www.amazon.com/exec/obidos/handle-buy-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=136-8493707-0325261 |
| URL | https://www.amazon.com/exec/obidos/tg/cm/member/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=145-5865731-3714800 |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=133-2937416-4658224 session-id-time=2082787201l session-id=135-6545954-1713505 |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=136-9209887-2993654 session-id-time=2082787201l i18n-prefs=USD sp-cdn=L5Z9:BG |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=133-2937416-4658224 session-id-time=2082787201l session-id=135-6545954-1713505 |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=136-4449078-1591120 |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/digital/fiona/manage?ref_=footer_myk |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2082787201l |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=133-2937416-4658224 session-id-time=2082787201l session-id=135-6545954-1713505 |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=132-9215383-9956466 |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=132-5887336-4284607 session-id-time=2082787201l session-id=133-6770847-5623124 |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/item-dispatch |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=133-2937416-4658224 session-id-time=2082787201l session-id=135-6545954-1713505 |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=133-6770847-5623124 |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=132-7018169-2799420 |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id-time=2082787201l session-id=135-6545954-1713505 |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/library/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/watchlist/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 session-token=ITSAedEY8zLSTXQyxN+EkZNhYU4LpCiuMxZYzGXCQvEjtslt533TSKE1r/dY27mQp07Pb+/pz55EkMBYR9G6c+rHZHSYaM/dGFOC2MKSKUXY/sc+xfVlpU5xPXIYv80T/XXM2vOf3g6ClJ6aofDZKLhqQ6BfyiusrA3aEHLGFro8aLnGx0tWVpqg6rDtIIxQgdBkZNK6xITecHVMcxMC1c5rkNMGxcD7G4ovnqbjg8uy3uDwPNgqTP0e5nCmq8OkwFRvytHgSg3PrhB9hxWmWFv3Ih1t2hEziFGxrrn+AdP4GngDZLgGPDI8TSWJU32uF8DI6PyURek9edCcW6ZDpEtn7/K1zKU1 |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=133-2937416-4658224 |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/music/prime/signup?cancelRedirectURL=L211c2ljL3ByaW1l¬NowRedirectURL=L211c2ljL3ByaW1l&redirectURL=L211c2ljL3BsYXllcg&ref_=dm_lnd_pm_pmtr_11f73476 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2082787201l session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 session-id-time=2082787201l session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com ubid-main=134-9805331-2128027 session-id-time=2082787201l session-id=147-4280155-9611859 |
| URL | https://www.amazon.com/wedding/gift-fund?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.amazon.com/wedding/shop/top-100?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com AEC=Ackid1QnLOJ1JEXoiZ3V3pMfv2Rf_kBbxo2LZkMbq0M2jIGc7yUxfW9KoEo __Secure-ENID=16.SE=r9sQFMoD3tZtpm9NUUXjo6wIWM6sU2J2hJeCgWjL-YxHKQIMygJsNhKCyM2xfhy6aurcVGqH8Roj1cDr_gybMzLw-rZjHgFKBXZBw7TKHAbMNEpzPWRIq431zpCQpxKy8WLUW12IoPfUCj0z2AF_5O2_HN4JD-99VxtZiPPq4VE CONSENT=PENDING+749 |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com AEC=Ackid1SDNUOYi1S1W2xp3LUpZjyPTcXt2zAk4mx9HfGvn223l_910oUD1fI __Secure-ENID=16.SE=u6g2Igiy9eOanbsxYDniHNlPCPlYETNDNh0dqLRIvqmol6GHGhoTzzF9Dsmek6kjaLwrDX2XudS8vW9o3eBNepCp-8i9ZzbAyG9YAy4f0OjzAmFHblnwxmgNEFp6nEUzElcRk56FlOd0zCbU8pMty4sfEPxyf3dJEekPp_ZTF54 CONSENT=PENDING+172 |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com AEC=Ackid1Seb2bV26xMxx3fbwu1YPzevChA44cBaUlPivw78_6jvSTQavp_Bw __Secure-ENID=16.SE=knmx-d6YsQWKLUclBOv3foXMdABzZHO9epCo4xhtP7acpqb1m8fuTZH9ybTytVjGPoEmRSY8MVtjMaEabLjJrx5puwUfFs5qza11UHJjRXjnPPPRRxoLNd0uJSW5bBa-OYDbSAG55bF-yyR293QiADECble3zJ26kfnsX2Cbrt0 CONSENT=PENDING+813 |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com AEC=Ackid1TQXh5mfxEjybeXiuyD-PtodkRHsROmljsWwKiLvOWukM2qS1Lue6E __Secure-ENID=16.SE=JEhClBETtkU0oBdIyDcRBljs6i4ROdvxmGAaUnexOlFsoc4dM2tE2a-K2ZwMZbxW4fOIdCNymEqw5kH_nnLTk4YlcvaQo28mKMd2M-y6s2eKmTzPyDruHoKiLDIe47-NgUi-RWT7EG6T14igxzPjuu9BX9kQIiFvfEMSkRuXliE CONSENT=PENDING+698 |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com __Secure-ENID=16.SE=BfptuzASiJ52VtO4glBuRdZ-3IUVJqoVRqB7PLaB6MMFYSB07aZQQj4D6oOXRGsV7v40Jd4voC6qPJHugE3Mh99pW0ooZX3poH0Nwm7pBaQ7v-RO-gloOeSLdGLkld3XoVDpRCwcVFVU6hbTGiaOjiAEKQK7MvAsvaVpGU_X5newAHcoqlgmcEknHAHaoV8 |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com __Secure-ENID=16.SE=IBgXpmy9HoUh6i-PfsNOsOuM_UxREkicyzsSXmPAJjSMQC30azy9wTXtLV-_THewxCWEVahaaPDcxuILiiMjF0d3YCyNHSF9z5BNL6HAL-slW_1O1Ela1lfZtJlHOyQYRhOiZt7XBxgsKC9ebF7j66wvg3vZh3APo8wflA774lGRLtk9zw3vTl54hvcYuKTI |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com __Secure-ENID=16.SE=KkKILj-VDPB7VyW3jbgDdyOzjGjgSGZakV_peBB1-b5N2T3-MkIDoUBm3J3YMo7L6LRxN5YUMeQgEva4PuAGyQSWxMmRtN6UV2XGzFGZ9KXm3luWdyAu4G3g--7fo_HD7ukQw1N6xNUaAkDv1dtny1CXVgnYKk51DVZUXplXTPTahk4p3u05NLbqdCaiu-4_ |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com __Secure-ENID=16.SE=YHdrjhl60LnJLG_qLWfZMcVvkgtmpsWkTGesHOMk4oKpe_gL6xYOBgVjnmUWu5GtQpH4mT4ACo68SgRbuAT0N3-_9_8MswsVLuuduorLEz9ITolmiwi5YV-I58jV1Fx671i80SLpN1FiKy1vLuVvGltwVOh7qcVGMNHlgb6SBd69LGn_fm6Nh1tcOtRcj4GU |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868345023&opi=89978449 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com NID=511=dK2efYIbCaYwxbjc9-bVsfFFOU0EgDpExx4d70NN60T-vBrzzgoLq_IMsokBe6A30ueUjWS51sM2oSUyvbe4UbGc-rdeisjKuyUq5LuC87l48gwr1YjoE93nASBCKvvAntyUfn0abo6_52MiXbOObOxd8I3TM8BWHj0iyugvpB14HXsdkDB_rFfQrA8N __Secure-ENID=delete |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: consent.google.com SOCS=CAISHAgBEhJnd3NfMjAyMzEyMDQtMF9SQzEaAmVuIAEaBgiA876rBg NID=511=WRXNjR8uYqa33LiFFztn5VvA8uFq6llIzNmzsIHshZyMnC6rI4uryxQTfbydYI2_B83aICvQ_PV-9OK6NRh3YmQHQBmmyIytc8nn9mvxGgPw-TcdVs8B2GkaXgPPNGs7turDQw6UcILfRE2SiBNIiORsklWS3BzDBUzP7YRBQItERz3IcBJIyaGL6vNU __Secure-ENID=delete |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.amazon.com session-id=147-4280155-9611859 ubid-main=134-9805331-2128027 session-token=PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 session-id-time=2082787201l i18n-prefs=USD lc-main=en_US |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=fi&st=26775&fid=0&zx=1701868345090&opi=89978449 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com NID=511=gcCxUiCPY7mP7_ARr0Gm45Xn41mKT0fDSqYL5fB6jdL1sO19SCplDoZAIrOarQzfLT2LS8s7yx9tIwMu5jIgeR289DiXBv_4k5EE_bru0p1ro-2JrCulF1wt_pwNfG-cLjmvEPUrgw_D4A1OnXFRgO1YGumowkoErPbx3eqxt87fhmuniJtIg4wVKvKQ __Secure-ENID=delete |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..h&bl=btNu&s=webhp&cdot=25419 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: www.google.com NID=511=mo_7nia26F_lUgt6Wcc---u0WBntB5BIV8Des-Bu77zuVKW5A1c0-MZqIa8ex0GydFY-m2qlViaPl1pxxwYG9Rs8rJ4BNKz2mKKGxcHrG5Hsy4f3Ih9f73vZ4ssmRo577iLvJAY1nXBfRlM5dhwX8pFbldmjvs0BsUMQONHzh29kIHacV3wXDBUYSiM0 __Secure-ENID=delete |
| Instances | 204 |
| Solution |
Always scope cookies to a FQDN (Fully Qualified Domain Name).
|
| Reference |
https://tools.ietf.org/html/rfc6265#section-4.1
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies |
| CWE Id | 565 |
| WASC Id | 15 |
| Plugin Id | 90033 |
|
Informational |
Modern Web Application |
|---|---|
| Description |
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
|
| URL | https://www.amazon.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=GF0YXBRSXKKY8EVM9VW2&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:GF0YXBRSXKKY8EVM9VW2$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DGF0YXBRSXKKY8EVM9VW2%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=7VW03D6FYN96KHTRYSXQ&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:7VW03D6FYN96KHTRYSXQ$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D7VW03D6FYN96KHTRYSXQ%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/-/en$ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/-/es/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/-/he$ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/-/he/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/-/zh_TW$ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/-/zh_TW/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/132-3165371-6872408?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/145-5865731-3714800?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/?_encoding=UTF8&ref_=sv_dmusic_7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/?ref_=footer_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/alm/storefront?almBrandId=QW1hem9uIEZyZXNo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/amazonprime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:GBZG2YT69PGNWTEE25WW$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DGBZG2YT69PGNWTEE25WW:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:SYPDNNEH72DTKG8V3DKK$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DSYPDNNEH72DTKG8V3DKK:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:78S0ZXHWREVHTW360KEH$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D78S0ZXHWREVHTW360KEH:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:26SSVSDE7DM7JC6D30T0$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D26SSVSDE7DM7JC6D30T0:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:QRRPVP00MGVFGA6JDGRZ$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DQRRPVP00MGVFGA6JDGRZ:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:W3FYQ7P1NPWATQEFNP9T$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DW3FYQ7P1NPWATQEFNP9T:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:4R9TRPWZGXE25VZHHXC3$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D4R9TRPWZGXE25VZHHXC3:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:4AAH4QACFT9B28TAYRA0$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D4AAH4QACFT9B28TAYRA0:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:Z6FQ4MRJQK91125NBRC1$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DZ6FQ4MRJQK91125NBRC1:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin/ref=cart_empty_sign_in?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcart%3Fapp-nav-type%3Dnone%26dc%3Ddf |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dfooter_yo&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_AccountFlyout_orders&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_orders_first&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:Q699XA2PY2XVDXYA05F7$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DQ699XA2PY2XVDXYA05F7:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub%2F |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id="remember_me_learn_more_link" class="a-link-normal" href="#"> Details </a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_psr_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fspr%2Freturns%2Fhomepage%2Fhomepage.html%3Fref_%3Dfooter_hy_f_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_subscribe_save_myd_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fauto-deliveries%2Fviewsubscriptions%3Fref_%3Dnav_AccountFlyout_sns |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:6M299B15R919TATVY4AW$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D6M299B15R919TATVY4AW:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_wishlist_desktop_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=900&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fls&pageId=Amazon |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-seemore%26node%3D18190131011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:ZPJVAW6CVQVXGXY59DP3$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DZPJVAW6CVQVXGXY59DP3:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D10232440011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D14498690011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:QRG01WGPNN183V6SSEWH$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DQRG01WGPNN183V6SSEWH:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:GRNRKB7A5FGS3WTV9C97$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DGRNRKB7A5FGS3WTV9C97:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:7DCX2FEWJS022JJERTVE$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D7DCX2FEWJS022JJERTVE:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D230659011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:VXJ35DCQH2PQ0WSEACHK$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DVXJ35DCQH2PQ0WSEACHK:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fcountry%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252F%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fhistory%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:QNSX5J6MG4RG5HS0DG83$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DQNSX5J6MG4RG5HS0DG83:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26preferencesReturnUrl%3D%252Fgp%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:V3RGQ56X1DEKDY563MX1$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DV3RGQ56X1DEKDY563MX1:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:13TN80SX064C4N1MM22V$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D13TN80SX064C4N1MM22V:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:NHGSKYRSTT3YT3ZB2SGR$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DNHGSKYRSTT3YT3ZB2SGR:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fget%2F%3F_encoding%3DUTF8%26ue_back%3D1%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgift-cards%2Fb%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26node%3D2238192011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcart%2Fview.html%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:72ENP9Y3V2BHE42BHHMS$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D72ENP9Y3V2BHE42BHHMS:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fwedding%2Fhomepage%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2RNPX10DC5FKAJESZFYT$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3D2RNPX10DC5FKAJESZFYT:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz%2Fwishlist%2Fintro%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:XV1PGFNJ82K99Q61PSDV$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DXV1PGFNJ82K99Q61PSDV:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:C37V7XDVZSY8V4987M2E$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DC37V7XDVZSY8V4987M2E:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img height="1" width="1" style='display:none;visibility:hidden;' src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:N55VW18HV86Q9AWARXG6$uedata=s:%2Fap%2Fuedata%3Fnoscript%26id%3DN55VW18HV86Q9AWARXG6:0' alt=""/> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fs%2F%3F_encoding%3DUTF8%26field-keywords%3DZAP%26ref%3Dcs_503_search%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ASUS-NVIDIA-GeForce-Graphics-DisplayPort/dp/B0BQTVQQP4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0BQTVQQP4&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&node=120430535011&pd_rd_i=B0BCMXWNLS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?_encoding=UTF8&ld=AZUSSOA-sell&node=12766669011&ref_=nav_cs_sell |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=23653176011&ref_=sv_dmusic_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?ld=AZUSSOA-seemore&node=18190131011&ref_=footer_seemore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b/ref=s9_acss_bw_cg_sbp22c_1e1_w/ref=SBE_navbar_5?node=18018208011&pf_rd_i=17879387011&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=56621c3d-cff4-45e1-9bf4-79bbeb8006fc&pf_rd_r=6W5X52VNZRB7GK1E1VX2&pf_rd_s=merchandised-search-top-3&pf_rd_t=30901 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/b?node=2238192011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Bac-Zap-Odor-Eliminator-1_gallon/dp/B007MCJJWE/ref=sr_1_29?keywords=ZAP&qid=1701867726&sr=8-29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Barbie-DreamHouse-Furniture-Accessories-Wheelchair-Accessible/dp/B08V1R73H9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B08V1R73H9&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Chispee-Finishing-Weaving-Leather-Melting/dp/B0CHK2D5PM/ref=sr_1_36?keywords=ZAP&qid=1701867726&sr=8-36 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Cleansing-Conditioner-Treatment-Sulfur-Greasy/dp/B08WCMNBWC/ref=sr_1_31?keywords=ZAP&qid=1701867726&sr=8-31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Coupons/b/?ie=UTF8&node=2231352011&ref_=sv_subnav_goldbox_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/country?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_icp_cp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=footer_lang |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2F&ref_=topnav_lang_ais |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Ding-Zap-Falcones-Emergency-Repair/dp/B0BF7NXYMG/ref=sr_1_41?keywords=ZAP&qid=1701867726&sr=8-41 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/dp/B07984JN3L?ie=UTF-8&plattr=ACOMFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/dp/B088R7QF3J?binding=kindle_edition&qid=1701867726&ref_=dbs_s_aps_series_rwt_tkin&searchxofy=true&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/dp/e-mail-friend/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/dp/manual-submit/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/dp/product-availability/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/dp/rate-this-item/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/dp/shipping/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/EIOTCLUB-Prepaid-LTE-Cellular-Card/dp/B096X8471C/ref=nta-top-sellers_d_sccl_1_8/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Electric-Mosiller-Rechargeable-Powerful-Mosquitoes/dp/B09Q8W67XQ/ref=sr_1_57?keywords=ZAP&qid=1701867726&sr=8-57 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Electric-Swatter-Racket-Rechargeable-Charging/dp/B08GWRCQKJ/ref=sr_1_55?keywords=ZAP&qid=1701867726&sr=8-55 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Electric-Swatter-Rechargeable-Attractant-Charging/dp/B085DNM6JC/ref=sr_1_6?keywords=ZAP&qid=1701867726&sr=8-6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Episode-2/dp/B091F259D2/ref=sr_1_47?keywords=ZAP&qid=1701867726&sr=8-47 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2Bw%2BSZ5NKCNicxUMlC%2Bk0dQ%3D%3D&amzn-r=%2Fref%3Dnav_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2F3fuOxEhwt63ufV6T0bxcA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=03tZvbYvlNFf2acq5oHUcQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fwrite-a-review.html%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=08uZdACqvtGgyluS825gmg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0Lihl1baWvhf6TOkXodwsA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0XduUglPDjNSMjsxubrj3Q%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0YOsOdJkoTlrb2JQ0RFSDA%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=1QT5N1E%2BoHYA3uY20Z45Qw%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2%2BTC4M6etm0GUm88X8TuOQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2UjxEKDb5KJ%2F9hQYTEgkuA%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3c9Q%2BP%2FBegFwrtaVnNB7JQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3LujxYM0A0USyG2OFfjV7w%3D%3D&amzn-r=%2Fref%3Dcs_503_link&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3v%2FH%2F%2Fp8hxS87L1CRjIe8g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=4CRscPzyeHD5oPwdd4g72g%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=4L6GAxTLeRFZV1Ql%2F0XDbg%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5PEpbY7VE%2Fx%2BF4QsbQCCsA%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5wtQMuRaMjiNWnLNzrc%2FVQ%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=7fi5ByKad%2BdcvxZljfMzqA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=89kxzNpqpBqZafLdlFX0nQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=8T23TyPKJ9nYw28W4EnfEw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=95jTc%2Fjf17cFyeMo2q5R7g%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=97fM1dyt3h9Jc6nkywTmLA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9AQHcF15x6pT5YUsFxlgBg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9dkyynGR9nYfowg38vfKbQ%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9OGFBL46Q7pNVyNctgZC0w%3D%3D&amzn-r=%2Fhz%2Fmycd%2Fmyx%3FpageType%3Dcontent%26ref_%3Dnav_AccountFlyout_myk&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9Z05sBM3FDHZbxQkWsnZ0Q%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=apEvdI6SD8q8%2Bj6RqXItyg%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BdXJNklVh%2FTo3oUFbCnlxg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BMw1tPBj4bD27JeQvJERag%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=c2HyZR58QutNLD12xni6Nw%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=C7pO3cDUAWU%2FidqGpXFrjg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fiyr%2F%3Fie%3DUTF8%26ref_%3Dsv_ys_3&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=cHeprgreEvleNxcpw6qQ7g%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Czxv0r4fsgCtUApC77nCZA%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=D2GoufXGvut9%2FZMuYkd9sQ%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fauth-redirect%2Fref%3Datv_auth_red_bef%3FreturnUrl%3D%2Fgp%2Fvideo%2Fmystuff%2Fref%253Datv_auth_red_aft&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=DnotI5d00ATvL%2FoB2Njr5w%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub%252F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=E%2FKdDDIE0Gs6JwlreVZSrg%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eJOcfxJSLiZ0gj%2BmnQ4giQ%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eSdz%2BgPr%2BBR7xoxjOIfsSw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ESObOh2M%2BMzmGyC8otRToQ%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=f5ESAwpSkihjQPIl%2Bs9hlA%3D%3D&amzn-r=%2F%3Fref_%3Dfooter_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=FcYso%2F%2BzwFW3yW%2B%2Fwf7JMg%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=fFfU2T%2FD4%2FQzYRxmhnr52g%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Ffm%2BNimpxLDgRmnUlPCD%2FA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ha10fxEJzSh0nMyxhNHj8Q%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=HbRcpcErDWcoTPiIjQDrsw%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=hWVbQrVPP60R%2FMEYDNFUqg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IBfhlLDppwFRNkZKaih9Tw%3D%3D&amzn-r=%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-sell%26node%3D12766669011%26ref_%3Dnav_cs_sell&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ic88goIdY908wj6AsV8uHQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IgYhIcpecxxWcC1CwgCm6w%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IKULlAVXx5%2B3JVfsoGdx7A%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=itO3%2BJP6Ug64elgLVDhWQQ%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=jGyPq5xFSGjtlCbvS8hq8Q%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=L5KXWOaTj0isegvpVanBeg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fhome%2F%3Fie%3DUTF8%26ref_%3Dtopnav_storetab_ys&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=lmOkLtqxprRCC9EF%2FZOFHQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=moJ2W1sEIk5sorRfxeE4jw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=nC%2BIi4ovQgV0mddORPTlFg%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=NprXEQdwV%2BMflR6xPECeGA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=oCXu0M3f0U%2BzmrEAPhaLTQ%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ODTLp74NeoowmDKyrtofhQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=PBV26dQb2Y1INzjq5mIGOg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qJp9aWa6EQ0ORMOoPRQ6RA%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qootGElqNGNfpg%2Bx7sUGqw%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=r6Uog%2FdbGV4fFmxHdfuShg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=RjMI0bt%2BzVNA3JMjMzJg2Q%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=roxXxt79k1e3OYCnTuWDqQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=sM62fbadJtqMKBmZutzqTQ%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=SOJEh0g5GNh3yz21vEi58w%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TWOp0asBI%2FWBWTIkLTtsjA%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UHco0R4f7vMNkEDM0GQbJA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=uppjsyIHBaraQddL4MAISw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Uqe%2Bj44L232HSBHTqi%2FQzA%3D%3D&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UQmQcTwDE1aALXI5YMgUmg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=v74vI2HNtwdsMew0%2BCa4yg%3D%3D&amzn-r=%2Fgp%2Fentity-alert%2Fexternal%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VBA%2FWqJZtFSpIx8jQO%2B2TQ%3D%3D&amzn-r=%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VMnQX6Wwf9aoBCz%2FnmLPHg%3D%3D&amzn-r=%2Fref%3Dcs_503_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VpYg%2FzqJm%2BlfCHmQSz%2Bi%2FA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WKtfmT6sXhu4UctX4MQXpw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wmaWYeM7tTV892Nv5IT%2Brw%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WU2u70mTqqsTO3A7Q01gmQ%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wW1ICK07PtAJyLMWPtekow%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=xqei7DKY8jFewDqaI%2BL31g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yGcmbher93sEDsbGY%2BmhpA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yIpcu%2ByTIT%2BGhSDjfI7iNA%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yu6%2FEfW%2FwPCqmg47siCmZw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zeQeO2v0hNNZMPEQzdgpPg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Zl3unZKkp2iFjlOckDEA6Q%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zWHXuJMe95diKgc3YS%2BIAQ%3D%3D&amzn-r=%2Fdp%2FB07984JN3L%3Fie%3DUTF-8%26plattr%3DACOMFO&field-keywords=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/events/deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/GameXcel-Zapper-Electric-Swatter-Mosquito/dp/B08BP57MMH/ref=sr_1_23?keywords=ZAP&qid=1701867726&sr=8-23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/add-wishlist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/-/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=sv_wl_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/?_encoding=UTF8&ref_=topnav_storetab_cm_gft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gcx/Gifts-for-Adults/gfhz/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Giegxin-Natural-Tropical-Hawaiian-Costume/dp/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/GOOTOP-Mosquito-Zapper-Outdoor-Electric/dp/B09PQF39PG/ref=sr_1_38?keywords=ZAP&qid=1701867726&sr=8-38 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=N0PZ8PAZXT57M77NWZ0W&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:N0PZ8PAZXT57M77NWZ0W$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DN0PZ8PAZXT57M77NWZ0W%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=8AWNTQHXXRFRRYW07G95&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:8AWNTQHXXRFRRYW07G95$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D8AWNTQHXXRFRRYW07G95%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=AXHEA1Z518XCTMPWCANV&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:AXHEA1Z518XCTMPWCANV$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DAXHEA1Z518XCTMPWCANV%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=ZTYQNNF8MD0NHQNNC1N2&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:ZTYQNNF8MD0NHQNNC1N2$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DZTYQNNF8MD0NHQNNC1N2%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=6RX4SBMC9ZS7WQ5SYCKQ&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:6RX4SBMC9ZS7WQ5SYCKQ$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D6RX4SBMC9ZS7WQ5SYCKQ%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KVWW9GMJTDCK71F9HMZ9&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:KVWW9GMJTDCK71F9HMZ9$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKVWW9GMJTDCK71F9HMZ9%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=SKHNJ34FJWX3JGMAK85X&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:SKHNJ34FJWX3JGMAK85X$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DSKHNJ34FJWX3JGMAK85X%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=PK06TDEY641SJG7FE64S&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:PK06TDEY641SJG7FE64S$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DPK06TDEY641SJG7FE64S%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=33B6CS1RJ2S4C0ZNSWR0&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:33B6CS1RJ2S4C0ZNSWR0$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D33B6CS1RJ2S4C0ZNSWR0%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=MJVSJDRB5BGMWNAE4AW9&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:MJVSJDRB5BGMWNAE4AW9$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DMJVSJDRB5BGMWNAE4AW9%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=02F1B042JRW6MG16TCJV&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:02F1B042JRW6MG16TCJV$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D02F1B042JRW6MG16TCJV%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=1Z3VXBPNK2C81GBG4KT6&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:1Z3VXBPNK2C81GBG4KT6$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D1Z3VXBPNK2C81GBG4KT6%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=50DKET0G21GFTX5NR4HJ&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:50DKET0G21GFTX5NR4HJ$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D50DKET0G21GFTX5NR4HJ%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=MNENB3WDK2Y4H6FJD1CE&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:135-6545954-1713505:MNENB3WDK2Y4H6FJD1CE$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DMNENB3WDK2Y4H6FJD1CE%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=PEVE67BRDBXT5JKJYDWN&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:PEVE67BRDBXT5JKJYDWN$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DPEVE67BRDBXT5JKJYDWN%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KAHRR4AF1M5C6ZHNJYNK&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:KAHRR4AF1M5C6ZHNJYNK$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKAHRR4AF1M5C6ZHNJYNK%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=Y89KQTWG7TTMZWKA1H1C&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:Y89KQTWG7TTMZWKA1H1C$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DY89KQTWG7TTMZWKA1H1C%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=BYWEH3FEAN0MXRW0A2R9&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:BYWEH3FEAN0MXRW0A2R9$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DBYWEH3FEAN0MXRW0A2R9%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=88DDJH73759FVXCK962B&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:88DDJH73759FVXCK962B$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D88DDJH73759FVXCK962B%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=WCE9CN4FM6BC9SZ3RTEN&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:135-6545954-1713505:WCE9CN4FM6BC9SZ3RTEN$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DWCE9CN4FM6BC9SZ3RTEN%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=CRNHYFDCMGYA1WW18A44&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:CRNHYFDCMGYA1WW18A44$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DCRNHYFDCMGYA1WW18A44%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=FV0VT2JMA1B9H546470B&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:FV0VT2JMA1B9H546470B$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DFV0VT2JMA1B9H546470B%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=PGTVT802A57S10DYE27W&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:PGTVT802A57S10DYE27W$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DPGTVT802A57S10DYE27W%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/browse.html/ref=vas_sf_load_?node=8098158011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/browse.html?node=10232440011&ref_=footer_reload_us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/browse.html?node=16218619011&ref_=footer_swp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/browse.html?node=2102313011&ref_=footer_devices |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/browse.html?node=388305011&ref_=footer_tfx |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KJY7W7FWHMNM0TZC9RWZ&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:136-4449078-1591120:KJY7W7FWHMNM0TZC9RWZ$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKJY7W7FWHMNM0TZC9RWZ%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=Y2ZM93K5DW0N6ZJQ4SF5&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:Y2ZM93K5DW0N6ZJQ4SF5$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DY2ZM93K5DW0N6ZJQ4SF5%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=MB4WTVRG84R5KX039MBX&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:MB4WTVRG84R5KX039MBX$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DMB4WTVRG84R5KX039MBX%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=FDEXC2V6QKZ6AZXYFVW7&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:FDEXC2V6QKZ6AZXYFVW7$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DFDEXC2V6QKZ6AZXYFVW7%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2WA225SQWKZHGQAXVJHT&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2WA225SQWKZHGQAXVJHT$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2WA225SQWKZHGQAXVJHT%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=06SA5AXGQHF5EJ4AFTAB&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:06SA5AXGQHF5EJ4AFTAB$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D06SA5AXGQHF5EJ4AFTAB%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/cart/view.html?ref_=nav_err_ewc_timeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=3BV9FT1ZXFER89W1RJHY&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:3BV9FT1ZXFER89W1RJHY$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D3BV9FT1ZXFER89W1RJHY%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/cdp/member-reviews/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=AGT0JAK5TBDYNBDQJ39W&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:AGT0JAK5TBDYNBDQJ39W$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DAGT0JAK5TBDYNBDQJ39W%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=4AHC6Q7NA500NAKMNT6Y&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:4AHC6Q7NA500NAKMNT6Y$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D4AHC6Q7NA500NAKMNT6Y%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2KSNA3E6CZNB2Y0SYHF7&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2KSNA3E6CZNB2Y0SYHF7$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2KSNA3E6CZNB2Y0SYHF7%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=H3XW4KDZACDMWY3XMYA1&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:H3XW4KDZACDMWY3XMYA1$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DH3XW4KDZACDMWY3XMYA1%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=07BWCF2G9BFS2WAT7DYY&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:07BWCF2G9BFS2WAT7DYY$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D07BWCF2G9BFS2WAT7DYY%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=FRYHHF0B3Y4WV5Z3P88V&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:FRYHHF0B3Y4WV5Z3P88V$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DFRYHHF0B3Y4WV5Z3P88V%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=CKJSQA0WR4N6JQF3BQC8&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:CKJSQA0WR4N6JQF3BQC8$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DCKJSQA0WR4N6JQF3BQC8%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=8FVD3S6256SP1JSY6JDZ&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:8FVD3S6256SP1JSY6JDZ$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D8FVD3S6256SP1JSY6JDZ%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=HYSFJFR7B31V19QV0PBT&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:HYSFJFR7B31V19QV0PBT$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DHYSFJFR7B31V19QV0PBT%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=7P69HHY1REMXVDZ2HJ3J&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:7P69HHY1REMXVDZ2HJ3J$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D7P69HHY1REMXVDZ2HJ3J%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-reviews/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/customer-reviews/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=DMW032KW515C537ZNAVB&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:DMW032KW515C537ZNAVB$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DDMW032KW515C537ZNAVB%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=EF7REY7J3CGVWSDGQMBD&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:EF7REY7J3CGVWSDGQMBD$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DEF7REY7J3CGVWSDGQMBD%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=43D8FKDQZ91QCMAJJ2F6&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:43D8FKDQZ91QCMAJJ2F6$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D43D8FKDQZ91QCMAJJ2F6%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=PGS7PWT5NBRKWM4KZNZB&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:135-6545954-1713505:PGS7PWT5NBRKWM4KZNZB$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DPGS7PWT5NBRKWM4KZNZB%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=AEVJC6QQ8HD6PNZ0MKGK&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:AEVJC6QQ8HD6PNZ0MKGK$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DAEVJC6QQ8HD6PNZ0MKGK%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=CNFYGVMZS6MD1WF77C0R&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:CNFYGVMZS6MD1WF77C0R$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DCNFYGVMZS6MD1WF77C0R%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=P3M0DN7FPSK8A237KGYA&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:P3M0DN7FPSK8A237KGYA$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DP3M0DN7FPSK8A237KGYA%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2M38KZXKCSH2YTCTDW5T&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2M38KZXKCSH2YTCTDW5T$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2M38KZXKCSH2YTCTDW5T%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/entity-alert/external?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=D0FEJ28H4AJHCT84SS1G&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:132-9215383-9956466:D0FEJ28H4AJHCT84SS1G$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DD0FEJ28H4AJHCT84SS1G%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2843QW1YGK2ADQB0BDWH&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2843QW1YGK2ADQB0BDWH$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2843QW1YGK2ADQB0BDWH%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=HMW8T12R252DDRD2PX7Z&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:HMW8T12R252DDRD2PX7Z$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DHMW8T12R252DDRD2PX7Z%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=K7Q6WS07R6PS66NNMPB5&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:K7Q6WS07R6PS66NNMPB5$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DK7Q6WS07R6PS66NNMPB5%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=DQSRAAGYWSQ6Z11PF3T5&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:DQSRAAGYWSQ6Z11PF3T5$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DDQSRAAGYWSQ6Z11PF3T5%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=B0B9CXR6S6CNT6450E3X&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:133-6770847-5623124:B0B9CXR6S6CNT6450E3X$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DB0B9CXR6S6CNT6450E3X%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=HG3GBHYC8EH0CQCPE3M5&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:HG3GBHYC8EH0CQCPE3M5$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DHG3GBHYC8EH0CQCPE3M5%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/goldbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/goldbox/?ie=UTF8&ref_=topnav_storetab_subnav_goldbox |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/goldbox/ref=cart_empty_deals |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/help/customer/contact-us |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=Q5G901NQ1MC6Z57DME8P&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:Q5G901NQ1MC6Z57DME8P$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DQ5G901NQ1MC6Z57DME8P%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2QN51WM6363YACC173X2&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2QN51WM6363YACC173X2$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2QN51WM6363YACC173X2%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/history |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/history/?ie=UTF8&ref_=sv_ys_1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/history?ref_=nav_AccountFlyout_browsinghistory |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=YF4AE1FF6DHZ9A5BHS6W&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:135-6545954-1713505:YF4AE1FF6DHZ9A5BHS6W$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DYF4AE1FF6DHZ9A5BHS6W%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=A4TD8T65MA3AN2GRRG46&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:A4TD8T65MA3AN2GRRG46$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DA4TD8T65MA3AN2GRRG46%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=28C41J0X5ATV52HQ161D&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:28C41J0X5ATV52HQ161D$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D28C41J0X5ATV52HQ161D%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=9AX29VYD3H5SBK7CF99K&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:9AX29VYD3H5SBK7CF99K$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D9AX29VYD3H5SBK7CF99K%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=W6TQDJBMNBB66VHTNH78&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:W6TQDJBMNBB66VHTNH78$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DW6TQDJBMNBB66VHTNH78%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=1EFYFGZT8YXYSPXN15E5&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:1EFYFGZT8YXYSPXN15E5$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D1EFYFGZT8YXYSPXN15E5%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KRA1T1Z92P0PE6WWCTV4&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:KRA1T1Z92P0PE6WWCTV4$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKRA1T1Z92P0PE6WWCTV4%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=57CNZ33807Z2NF10ZF6F&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:57CNZ33807Z2NF10ZF6F$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D57CNZ33807Z2NF10ZF6F%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=7GW14SP04JQH5ABK7QYV&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:7GW14SP04JQH5ABK7QYV$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D7GW14SP04JQH5ABK7QYV%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=VD1K5XK101T25S4FGHX4&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:VD1K5XK101T25S4FGHX4$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DVD1K5XK101T25S4FGHX4%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=C50HD6Q541VK4VFESD9T&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:C50HD6Q541VK4VFESD9T$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DC50HD6Q541VK4VFESD9T%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=1WFHBDDCG810GF5YK07X&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:1WFHBDDCG810GF5YK07X$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D1WFHBDDCG810GF5YK07X%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=ADP01PVYNHX665SG5GZ8&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:ADP01PVYNHX665SG5GZ8$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DADP01PVYNHX665SG5GZ8%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=P7WR7742GJXS34V08QQF&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:P7WR7742GJXS34V08QQF$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DP7WR7742GJXS34V08QQF%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=4V37TFZ4BS0VAPPHY0HJ&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:4V37TFZ4BS0VAPPHY0HJ$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D4V37TFZ4BS0VAPPHY0HJ%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KZ5Z48CAPGPG8VX17QHD&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:KZ5Z48CAPGPG8VX17QHD$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKZ5Z48CAPGPG8VX17QHD%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/orc/rml/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=BS5SJ8PVE3269A2WVS4Z&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:BS5SJ8PVE3269A2WVS4Z$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DBS5SJ8PVE3269A2WVS4Z%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=S257MZE0YP0YVBTACJWA&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:S257MZE0YP0YVBTACJWA$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DS257MZE0YP0YVBTACJWA%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=0TSXQG69TABS9N2MN4BS&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:0TSXQG69TABS9N2MN4BS$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D0TSXQG69TABS9N2MN4BS%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=EKZMH77N5KH9EMJFS91N&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:EKZMH77N5KH9EMJFS91N$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DEKZMH77N5KH9EMJFS91N%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/product/e-mail-friend |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/product/product-availability |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/product/rate-this-item |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=GSV6C79C01MVD6RE6E38&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:133-6770847-5623124:GSV6C79C01MVD6RE6E38$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DGSV6C79C01MVD6RE6E38%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=F2703RBKPXCGBA963E2F&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:F2703RBKPXCGBA963E2F$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DF2703RBKPXCGBA963E2F%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=QWZRXD92MJDRK92N74C2&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:QWZRXD92MJDRK92N74C2$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DQWZRXD92MJDRK92N74C2%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=YWHMA1DQEF1CC76WEQPB&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:YWHMA1DQEF1CC76WEQPB$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DYWHMA1DQEF1CC76WEQPB%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KTSSXN5Y7FTWMK2169MS&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:KTSSXN5Y7FTWMK2169MS$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKTSSXN5Y7FTWMK2169MS%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=JS17FZBAF6JNZXRBBS03&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:JS17FZBAF6JNZXRBBS03$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DJS17FZBAF6JNZXRBBS03%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=6BDT2114JQRFTTBQGRDH&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:6BDT2114JQRFTTBQGRDH$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D6BDT2114JQRFTTBQGRDH%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=QQTRCE7CZH7MCKWG1J0C&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:QQTRCE7CZH7MCKWG1J0C$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DQQTRCE7CZH7MCKWG1J0C%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/rentallist |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var aPageStart = (new Date()).getTime();</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=5RMFKRFX7A2ZFB2NWQYD&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:5RMFKRFX7A2ZFB2NWQYD$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D5RMFKRFX7A2ZFB2NWQYD%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=FJ93S7C0CB3V67HS111G&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:FJ93S7C0CB3V67HS111G$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DFJ93S7C0CB3V67HS111G%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=ZCP1JXMRFEJTR0G849ZG&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:ZCP1JXMRFEJTR0G849ZG$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DZCP1JXMRFEJTR0G849ZG%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=3JTTRPP451H4B7V2GWJK&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:3JTTRPP451H4B7V2GWJK$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D3JTTRPP451H4B7V2GWJK%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=4QQD9QRNB4G6WYQCJWTK&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:4QQD9QRNB4G6WYQCJWTK$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D4QQD9QRNB4G6WYQCJWTK%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=WW8RT5GXNKVA1D98TFBJ&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:WW8RT5GXNKVA1D98TFBJ$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DWW8RT5GXNKVA1D98TFBJ%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=BQFYC9E8TVPX47RAEW8K&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:BQFYC9E8TVPX47RAEW8K$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DBQFYC9E8TVPX47RAEW8K%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=R64GX02ZDJWMRRBX47QA&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:R64GX02ZDJWMRRBX47QA$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DR64GX02ZDJWMRRBX47QA%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=HGEM81S0CH0XRD441JF0&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:HGEM81S0CH0XRD441JF0$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DHGEM81S0CH0XRD441JF0%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=GVYS3XPQAMEVJRSD6KB6&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:GVYS3XPQAMEVJRSD6KB6$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DGVYS3XPQAMEVJRSD6KB6%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=6PE92FT3QPKW177SFKDA&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:132-7018169-2799420:6PE92FT3QPKW177SFKDA$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D6PE92FT3QPKW177SFKDA%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KPYV6TB3JED07RV34N9D&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:KPYV6TB3JED07RV34N9D$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKPYV6TB3JED07RV34N9D%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=R8XNM7E4NW0CK8W103VM&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:135-6545954-1713505:R8XNM7E4NW0CK8W103VM$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DR8XNM7E4NW0CK8W103VM%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2ZAA9BD0VW676AHVT7RH&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2ZAA9BD0VW676AHVT7RH$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2ZAA9BD0VW676AHVT7RH%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=NKCV5ZZSWRSYHJBAGV47&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:NKCV5ZZSWRSYHJBAGV47$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DNKCV5ZZSWRSYHJBAGV47%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=RQE0YKGG0AT5YN4BRRBN&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:RQE0YKGG0AT5YN4BRRBN$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DRQE0YKGG0AT5YN4BRRBN%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=7KQTD5V24NWM6F0Z013X&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:7KQTD5V24NWM6F0Z013X$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D7KQTD5V24NWM6F0Z013X%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=XM87YZADCS23GKC3SHM6&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:XM87YZADCS23GKC3SHM6$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DXM87YZADCS23GKC3SHM6%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/socialmedia/giveaways |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2G1HC0JMHZH1HK08RT2A&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2G1HC0JMHZH1HK08RT2A$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2G1HC0JMHZH1HK08RT2A%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=KYYVMS2H9T65HPWHRXD8&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:KYYVMS2H9T65HPWHRXD8$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DKYYVMS2H9T65HPWHRXD8%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=QCZCS6JSKGRR73D8V15B&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:QCZCS6JSKGRR73D8V15B$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DQCZCS6JSKGRR73D8V15B%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=ED5QDDQQC8TMY4AX4CKD&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:ED5QDDQQC8TMY4AX4CKD$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DED5QDDQQC8TMY4AX4CKD%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/video/mystuff |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/video/settings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=2HEHNCBP48GNZEM8T8ZT&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:2HEHNCBP48GNZEM8T8ZT$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D2HEHNCBP48GNZEM8T8ZT%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=8YY49YP1TR5T3V9M5WS9&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:8YY49YP1TR5T3V9M5WS9$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D8YY49YP1TR5T3V9M5WS9%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=NWMMCMQKFMDXR85ZKQK4&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:NWMMCMQKFMDXR85ZKQK4$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DNWMMCMQKFMDXR85ZKQK4%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=HPP1TJSX9F1RRSKEHCJ2&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:HPP1TJSX9F1RRSKEHCJ2$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DHPP1TJSX9F1RRSKEHCJ2%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/gp/wedding/homepage/?ie=UTF8&ref_=sv_cm_gft_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore/home/?ie=UTF8&ref_=topnav_storetab_ys |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore/iyr/?ie=UTF8&ref_=sv_ys_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore/recs/?ie=UTF8&ref_=sv_ys_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore/recs/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/gp/yourstore?ref_=nav_AccountFlyout_recs |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Herbal-Zap-Instantly-Dissolving-Supplement/dp/B01L4J9O8Y/ref=sr_1_33?keywords=ZAP&qid=1701867726&sr=8-33 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/hz/mycd/myx?pageType=content&ref_=nav_AccountFlyout_myk |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/hz/wishlist/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/hz/wishlist/friends/ref_=cm_wl_your_friends |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/hz/wishlist/get?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/hz/wishlist/intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Iron-Flame-Empyrean-Rebecca-Yarros/dp/1649374178/ref=nta-top-sellers_d_sccl_1_5/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Lets-Clean-The-House/dp/B0B8PGK8XW/ref=sr_1_56?keywords=ZAP&qid=1701867726&sr=8-56 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Living-Puppet-9-Inch-Friendly-Monster/dp/B0CJQBMHW1/ref=sr_1_48?keywords=ZAP&qid=1701867726&sr=8-48 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Master-Lock-8417D-Python-Keyed/dp/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/music/free/?_encoding=UTF8&ref_=sv_dmusic_2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/music/lp/podcasts/?_encoding=UTF8&ref_=sv_dmusic_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/music/prime |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/music/unlimited |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/music/unlimited/why-hd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/music/unlimited?ref=dm_LP_AMP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Nittaku-3-stars-Premium-Table-Tennis/dp/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Nokia-Unlocked-Hotspot-Assistant-Charcoal/dp/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Outdoor-Cordless-Rechargeable-Mosquito-Equipped/dp/B0BNN13X69/ref=sr_1_43?keywords=ZAP&qid=1701867726&sr=8-43 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Outdoor-High-Power-Mosquito-Waterproof-Backyard/dp/B0BVQWLLT7/ref=sr_1_44?keywords=ZAP&qid=1701867726&sr=8-44 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-CA-Adhesives/dp/B0006O8ECG/ref=sr_1_53?keywords=ZAP&qid=1701867726&sr=8-53 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Single-Adhesives/dp/B00GB0SFT6/ref=sr_1_52?keywords=ZAP&qid=1701867726&sr=8-52 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Z-Poxy-Minute/dp/B00SXJJ4I4/ref=sr_1_60?keywords=ZAP&qid=1701867726&sr=8-60 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Pacer-Technology-Zap-Zap-Adhesives/dp/B00SXJJ2QI/ref=sr_1_7?keywords=ZAP&qid=1701867726&sr=8-7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Pellon-Wrap-N-Zap-Batting-36-Inch-Natural/dp/B01N4B9B6I/ref=sr_1_46?keywords=ZAP&qid=1701867726&sr=8-46 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Phosooy-Electric-Aluminium-Mosquito-Hanging/dp/B08P8MJ4X3/ref=sr_1_59?keywords=ZAP&qid=1701867726&sr=8-59 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/1649374178/ref=nta-top-sellers_d_sccl_1_5_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B0069IY63Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B096X8471C/ref=nta-top-sellers_d_sccl_1_8_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/product-reviews/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2_cr/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Pure-ZAP-Vitamin-Natural-Verified/dp/B0CLFF5X2N/ref=sr_1_51?keywords=ZAP&qid=1701867726&sr=8-51 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ref=cs_500_link |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ref=cs_500_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ref=cs_503_link |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ref=cs_503_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ref=nav_logo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/?_encoding=UTF8&ref_=sv_cm_gft_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/birthday/?_encoding=UTF8&ref_=sv_wl_3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/custom/?_encoding=UTF8&ref_=sv_wl_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=C8F6GH5BF52FTG8A18BP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries/request/ref=ragl_HMT_1a1_w?pf_rd_p=34c70dcf-051f-4baa-8ab0-938fb22b88b9&pf_rd_r=J6DZTJK0YZFCFZS1CTSS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries?ref_=nav_ListFlyout_find |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=D0TP68SBY7HDG3MXW48C&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:D0TP68SBY7HDG3MXW48C$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DD0TP68SBY7HDG3MXW48C%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=V8GRNQJEW7S4AXXMR87C&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:V8GRNQJEW7S4AXXMR87C$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DV8GRNQJEW7S4AXXMR87C%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=1C4QAWK92TFBDKQ68XMC&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:1C4QAWK92TFBDKQ68XMC$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D1C4QAWK92TFBDKQ68XMC%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=FKEC5P2PQENE8H3WWZWV&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:FKEC5P2PQENE8H3WWZWV$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DFKEC5P2PQENE8H3WWZWV%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/reviews/iframe |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=4H73N5T6ZTW7FPW93ABG&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:4H73N5T6ZTW7FPW93ABG$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3D4H73N5T6ZTW7FPW93ABG%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript> <img src='/rd/uedata?noscript&id=A91W32PMRE5JJT21GT3F&pty=Error&spty=PageNotFound&pti=' /> <img src='//fls-na.amazon.com/1/batch/1/OP/ATVPDKIKX0DER:147-4280155-9611859:A91W32PMRE5JJT21GT3F$uedata=s:%2Frd%2Fuedata%3Fnoscript%26id%3DA91W32PMRE5JJT21GT3F%26pty%3DError%26spty%3DPageNotFound%26pti%3D:2000' /> </noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Seiddons-Christmas-Velvet-Unisex-Clause/dp/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Shark-AV2501S-Self-Empty-Navigation-UltraClean/dp/B09H8CWFNK/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H8CWFNK&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ShiZap-Energized-Stacking-Block-Game/dp/B08HCHDPK2/ref=sr_1_39?keywords=ZAP&qid=1701867726&sr=8-39 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Simply-Calphalon-Nonstick-Cookware-SA10H/dp/B001AS94TY/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B001AS94TY&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery-ebook/dp/B09RC2SQ5K/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/0999820079/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/0999820095/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Snap-Zap-Murder-Rathkey-Mystery/dp/B09VLGT12H/ref=sr_1_50?keywords=ZAP&qid=1701867726&sr=8-50 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Soundcore-Cancelling-Headphones-Wireless-Bluetooth/dp/B07NM3RSRQ/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0819LK85F&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ss/customer-reviews/lighthouse/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/The-Zip-Zap-No-Small-Parts/dp/B0CBD6M8X5/ref=sr_1_42?keywords=ZAP&qid=1701867726&sr=8-42 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/home/?_encoding=UTF8&ref_=sv_wl_4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/home/ref=wl_hz_intro |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/amazon-handmade?pf_rd_p=2098fe35-1d6a-4686-8362-9349bcb16093&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/elevateeverywhere?pf_rd_p=80de1221-9fcc-4395-b8d4-2fa5c27f9dfc&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/elevateyourhome?pf_rd_p=a36ddf69-0b21-4568-b1d5-c2a789b1c758&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/shop/brand/marthastewart?pf_rd_p=2f477695-88e2-4256-97d7-ceb4e0e787da&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/shop/brand?pf_rd_p=52a0eca3-a942-4efb-ba4c-5021b27a9ee6&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/mp/shop/top-100?pf_rd_p=07ef1f03-cfb5-4995-93d6-7a8d6f9b5acd&pf_rd_r=9CKN2BN9KKERD52B4G7X&ref_=wedding_home_card |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/search |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Black-Large-Twin-Zapper/dp/B08GXVGZZZ/ref=sr_1_15?keywords=ZAP&qid=1701867726&sr=8-15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Blue-Medium-Twin-Zapper/dp/B08GWZ3LVQ/ref=sr_1_24?keywords=ZAP&qid=1701867726&sr=8-24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Blue-Mini-Twin-Zapper/dp/B08GXB6Y9Z/ref=sr_1_45?keywords=ZAP&qid=1701867726&sr=8-45 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Battery-Mosquito/dp/B07KZ8TXWQ/ref=sr_1_14?keywords=ZAP&qid=1701867726&sr=8-14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Battery-Mosquito/dp/B07KZQKWVP/ref=sr_1_16?keywords=ZAP&qid=1701867726&sr=8-16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Bug-Zapper-Rechargeable-Attractant/dp/B085HLLHL1/ref=sr_1_11?keywords=ZAP&qid=1701867726&sr=8-11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Cloth-Streak-Free-Cloths/dp/B00JOQWPNG/ref=sr_1_54?keywords=ZAP&qid=1701867726&sr=8-54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Electric-Indoor-Zapper-Mosquito/dp/B088QS5VGJ/ref=sr_1_22?keywords=ZAP&qid=1701867726&sr=8-22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Electric-Outdoor-Waterproof-Mosquito/dp/B088QSKG8S/ref=sr_1_30?keywords=ZAP&qid=1701867726&sr=8-30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Formaldehyde-Brazilian-Treatment-Progressive/dp/B0BL437FFW/ref=sr_1_32?keywords=ZAP&qid=1701867726&sr=8-32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Justin-J-Wheeler/dp/B085K7PHB3/ref=sr_1_58?keywords=ZAP&qid=1701867726&sr=8-58 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Kara-Camden/dp/B01DUIN9TC/ref=sr_1_12?keywords=ZAP&qid=1701867726&sr=8-12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Martha-Freeman-ebook/dp/B074ZN2L3N/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Martha-Freeman/dp/1534405577/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Martha-Freeman/dp/1534405585/ref=sr_1_49?keywords=ZAP&qid=1701867726&sr=8-49 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Play-Paul-Fleischman-ebook/dp/B011S7489W/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Play-Paul-Fleischman/dp/0763627747/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Play-Revised-Paul-Fleischman/dp/0763680133/ref=sr_1_21?keywords=ZAP&qid=1701867726&sr=8-21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Progressive-Brush-Long-lasting-Straightening/dp/B07SSHX3BM/ref=sr_1_8?keywords=ZAP&qid=1701867726&sr=8-8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/ZAP-Zapper-Large-Twin-Pack/dp/B07GN4JZL8/ref=sr_1_10?keywords=ZAP&qid=1701867726&sr=8-10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zap-Zapper-Racket-4000V-Rechargeable/dp/B06WW6831F/ref=sr_1_5?keywords=ZAP&qid=1701867726&sr=8-5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zapped-Zendaya/dp/B00MKKCVGO/ref=sr_1_34?keywords=ZAP&qid=1701867726&sr=8-34 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zezo-Fiber-Zap-Cloth-10-Cloths/dp/B01CH150VS/ref=sr_1_9?keywords=ZAP&qid=1701867726&sr=8-9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/Zipi-Zape-Isla-del-Capit%C3%A1n/dp/B09ZKMWZ25/ref=sr_1_37?keywords=ZAP&qid=1701867726&sr=8-37 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a onclick="window.location.reload()">Try different image</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a class="oBa0Fe aciXEb" href="#" id="sbfblt" data-async-trigger="duf3-46" aria-label="Give feedback on this result" role="button" jsaction="trigger.szjOR" data-ved="0ahUKEwi70s2r8vqCAxUyQ_EDHQL0Bc4Qtw8IDQ">Report inappropriate predictions</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a class="oBa0Fe aciXEb" href="#" id="sbfblt" data-async-trigger="duf3-46" aria-label="Give feedback on this result" role="button" jsaction="trigger.szjOR" data-ved="0ahUKEwi_pqLw8fqCAxX-Q_EDHbr7DTcQtw8IDQ">Report inappropriate predictions</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a class="oBa0Fe aciXEb" href="#" id="sbfblt" data-async-trigger="duf3-46" aria-label="Give feedback on this result" role="button" jsaction="trigger.szjOR" data-ved="0ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0Qtw8IDQ">Report inappropriate predictions</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a class="oBa0Fe aciXEb" href="#" id="sbfblt" data-async-trigger="duf3-46" aria-label="Give feedback on this result" role="button" jsaction="trigger.szjOR" data-ved="0ahUKEwjhkcLL8vqCAxWZSfEDHfRZB0QQtw8IDQ">Report inappropriate predictions</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/cart/ref=ord_cart_shr?app-nav-type=none&dc=df |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a id='nav-top'></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| Instances | 701 |
| Solution |
This is an informational alert and so no changes are required.
|
| Reference | |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10109 |
|
Informational |
Retrieved from Cache |
|---|---|
| Description |
The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
|
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 213 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 280 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | http://www.gstatic.com/og/_/js/k=og.qtm.en_US.bzF-LaXn39U.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTtGj0ppAB9TeeShbTNSI3bE_iNr4Q |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 89 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | http://www.gstatic.com/og/_/ss/k=og.qtm.unQ4bAXbcl8.L.W.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvBc9WC7Dd2DDpVc6x9VJtmRmpgjQ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 213 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | http://www.gstatic.com/og/_/ss/k=og.qtm.unQ4bAXbcl8.L.W.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvBc9WC7Dd2DDpVc6x9VJtmRmpgjQ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 280 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | http://www.gstatic.com/og/_/ss/k=og.qtm.unQ4bAXbcl8.L.W.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvBc9WC7Dd2DDpVc6x9VJtmRmpgjQ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 89 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 42736 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 42824 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 42949 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.q86ihocu0HA.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gC2cqySYcBh8kT9LMyuiwdwIYGQ/cb=gapi.loaded_0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Age: 43016 |
| Other Info | The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use. |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUI-3c913031596ca78a3768f4e934b1cc02ce238101.secure.min._V1_.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HIT from fastly |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUI-3c913031596ca78a3768f4e934b1cc02ce238101.secure.min._V1_.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Hit from cloudfront |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/ClientSideMetricsAUIJavascript-51171fbdd28e1a7a61e922e8f0272af8bc74d37b.secure.variant-desktop-session-snapshot-keypress.min._V2_.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HIT from fastly |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/ClientSideMetricsAUIJavascript-51171fbdd28e1a7a61e922e8f0272af8bc74d37b.secure.variant-desktop-session-snapshot-keypress.min._V2_.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Hit from cloudfront |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/csm-captcha-instrumentation.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HIT from fastly |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/csm-captcha-instrumentation.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Hit from cloudfront |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/rd-script-6d68177fa6061598e9509dc4b5bdd08d.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HIT from fastly |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/rd-script-6d68177fa6061598e9509dc4b5bdd08d.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Hit from cloudfront |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/ue-base-1c399ad9886cab69575e1e5ee15c61a1._V313498596_.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HIT from fastly |
| Other Info | |
| URL | https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/ue-base-1c399ad9886cab69575e1e5ee15c61a1._V313498596_.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Hit from cloudfront |
| Other Info | |
| Instances | 20 |
| Solution |
Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Expires: 0
This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.
|
| Reference |
https://tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231 http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234) |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10050 |
|
Informational |
Session Management Response Identified |
|---|---|
| Description |
The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
|
| URL | https://www.amazon.com/*/sim/B001132UEE |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/*/sim/B001132UEE?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587740l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587738l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587768l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587771l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587770l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587769l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587744l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587767l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587737l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587743l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_kplp_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fkindle-dbs%2Fku%2Fku-central%3Fref_%3Dnav_AccountFlyout_ku%26reroutedViaSP%3D1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587735l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587736l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587750l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587731l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587738l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587738l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587741l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcustomer-preferences%2Fedit%2F%3F_encoding%3DUTF8%26ie%3DUTF8%26preferencesReturnUrl%3D%252Fgp%252Fyourstore%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587743l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587768l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587770l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587768l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587732l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2Frecs%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587735l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587748l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587748l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2332587748l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/b/?ie=UTF8&node=1267877011&ref_=sv_subnav_goldbox_5 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/exec/obidos/account-access-login |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/exec/obidos/change-style |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/exec/obidos/flex-sign-in |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/exec/obidos/handle-buy-box |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/exec/obidos/tg/cm/member/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=item.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/associations/wizard.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/associations/wizard.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/aw/cr/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/aw/cr/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/aw/help/id=sss |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/aws/ssop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/b2b-rd |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/cart |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/cart/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/cart/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/cart/get?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/cart?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/content-form |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/content-form?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/customer-images |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-images?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-media/upload |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/digital/fiona/manage?ref_=footer_myk |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp/dmusic/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/dmusic/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/dmusic/order |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/dmusic/order/handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/dmusic/order?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/entity-alert/external |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/flex |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp/flex?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/gc/widget |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/get?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/gfix |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/item-dispatch |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/music/clipserve |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/music/wma-pop-up |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/obidos-sign-in.html/130-7402554-6248927?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/9000 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/B000 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/pdp/invitation/invite |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/pdp/rss/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/reader |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp/reader?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/recsradio |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/recsradio?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/redirect.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/registry/search.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/registry/search.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/rentallist |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 3CD5D66748B33000D0B7B1EB491D4299 |
| Other Info | cookie:JSESSIONID |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/listmania/createpipeline?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/syltguides/create |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/syltguides/create?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/rl/settings |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/sign-in |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp/sign-in?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/sitbv3/reader |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-id |
| URL | https://www.amazon.com/gp/sitbv3/reader?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/slredirect |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/structured-ratings/actions/get-experience.html?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/twitter/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/twitter/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/library/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/watchlist/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/vote |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/vote?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/voting/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/gp/yourstore |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 133-2937416-4658224 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/music/prime/signup?cancelRedirectURL=L211c2ljL3ByaW1l¬NowRedirectURL=L211c2ljL3ByaW1l&redirectURL=L211c2ljL3BsYXllcg&ref_=dm_lnd_pm_pmtr_11f73476 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/birthday?ref_=gr-landing-birthday |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/custom?ref_=gr-landing-custom |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/review/common/du |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/review/common/du?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/review/dynamic/sims-box |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/review/dynamic/sims-box?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-id |
| URL | https://www.amazon.com/wedding/gift-fund?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/wedding/home |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/wedding/mp/benefits?ref_=wedding_home_benefits |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.amazon.com/wedding/shop/top-100?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+172 |
| Other Info | cookie:CONSENT cookie:__Secure-ENID cookie:AEC |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+698 |
| Other Info | cookie:CONSENT cookie:__Secure-ENID cookie:AEC |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+749 |
| Other Info | cookie:CONSENT cookie:__Secure-ENID cookie:AEC |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+813 |
| Other Info | cookie:CONSENT cookie:__Secure-ENID cookie:AEC |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=BfptuzASiJ52VtO4glBuRdZ-3IUVJqoVRqB7PLaB6MMFYSB07aZQQj4D6oOXRGsV7v40Jd4voC6qPJHugE3Mh99pW0ooZX3poH0Nwm7pBaQ7v-RO-gloOeSLdGLkld3XoVDpRCwcVFVU6hbTGiaOjiAEKQK7MvAsvaVpGU_X5newAHcoqlgmcEknHAHaoV8 |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=IBgXpmy9HoUh6i-PfsNOsOuM_UxREkicyzsSXmPAJjSMQC30azy9wTXtLV-_THewxCWEVahaaPDcxuILiiMjF0d3YCyNHSF9z5BNL6HAL-slW_1O1Ela1lfZtJlHOyQYRhOiZt7XBxgsKC9ebF7j66wvg3vZh3APo8wflA774lGRLtk9zw3vTl54hvcYuKTI |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=KkKILj-VDPB7VyW3jbgDdyOzjGjgSGZakV_peBB1-b5N2T3-MkIDoUBm3J3YMo7L6LRxN5YUMeQgEva4PuAGyQSWxMmRtN6UV2XGzFGZ9KXm3luWdyAu4G3g--7fo_HD7ukQw1N6xNUaAkDv1dtny1CXVgnYKk51DVZUXplXTPTahk4p3u05NLbqdCaiu-4_ |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=YHdrjhl60LnJLG_qLWfZMcVvkgtmpsWkTGesHOMk4oKpe_gL6xYOBgVjnmUWu5GtQpH4mT4ACo68SgRbuAT0N3-_9_8MswsVLuuduorLEz9ITolmiwi5YV-I58jV1Fx671i80SLpN1FiKy1vLuVvGltwVOh7qcVGMNHlgb6SBd69LGn_fm6Nh1tcOtRcj4GU |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=IHNwZfq3KfaSxc8P3rOK6A8&zx=1701868345023&opi=89978449 |
| Method | GET |
| Parameter | NID |
| Attack | |
| Evidence | 511=dK2efYIbCaYwxbjc9-bVsfFFOU0EgDpExx4d70NN60T-vBrzzgoLq_IMsokBe6A30ueUjWS51sM2oSUyvbe4UbGc-rdeisjKuyUq5LuC87l48gwr1YjoE93nASBCKvvAntyUfn0abo6_52MiXbOObOxd8I3TM8BWHj0iyugvpB14HXsdkDB_rFfQrA8N |
| Other Info | cookie:NID |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | SOCS |
| Attack | |
| Evidence | CAISHAgBEhJnd3NfMjAyMzEyMDQtMF9SQzEaAmVuIAEaBgiA876rBg |
| Other Info | cookie:SOCS cookie:NID |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time cookie:ubid-main cookie:session-token cookie:session-id |
| URL | https://www.google.com/gen_204?atyp=csi&ei=IHNwZfq3KfaSxc8P3rOK6A8&s=webhp&t=fi&st=26775&fid=0&zx=1701868345090&opi=89978449 |
| Method | POST |
| Parameter | NID |
| Attack | |
| Evidence | 511=gcCxUiCPY7mP7_ARr0Gm45Xn41mKT0fDSqYL5fB6jdL1sO19SCplDoZAIrOarQzfLT2LS8s7yx9tIwMu5jIgeR289DiXBv_4k5EE_bru0p1ro-2JrCulF1wt_pwNfG-cLjmvEPUrgw_D4A1OnXFRgO1YGumowkoErPbx3eqxt87fhmuniJtIg4wVKvKQ |
| Other Info | cookie:NID |
| URL | https://www.google.com/gen_204?ei=IHNwZfq3KfaSxc8P3rOK6A8&vet=10ahUKEwj6x9XF8fqCAxV2SfEDHd6ZAv0QhJAHCBw..h&bl=btNu&s=webhp&cdot=25419 |
| Method | POST |
| Parameter | NID |
| Attack | |
| Evidence | 511=mo_7nia26F_lUgt6Wcc---u0WBntB5BIV8Des-Bu77zuVKW5A1c0-MZqIa8ex0GydFY-m2qlViaPl1pxxwYG9Rs8rJ4BNKz2mKKGxcHrG5Hsy4f3Ih9f73vZ4ssmRo577iLvJAY1nXBfRlM5dhwX8pFbldmjvs0BsUMQONHzh29kIHacV3wXDBUYSiM0 |
| Other Info | cookie:NID |
| URL | https://www.amazon.com/ap/register?clientContext=134-9805331-2128027&failedSignInCount=0&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage&pageId=usflex&prepopulatedLoginId&prevRID=Q699XA2PY2XVDXYA05F7&showRememberMe=true |
| Method | GET |
| Parameter | clientContext |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | url:clientContext |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16218619011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fprivacyprefs%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fregistries%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/signin?accountStatusPolicy=P1&clientContext=134-9805331-2128027&language=en_US&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fvideo%2Fauth%2Freturn%2Fref%3Dav_auth_ap%3F_t%3Dsg-OvgI-MifzhjKp20ZH5LS_XaOWk72ZJ9shisOk2KKkAAAAAAQAAAABlcHDQcmF3AAAAAPgWC9WfHH8iB-olH_E9xQ%26location%3D%2Fgp%2Fvideo%2Fprofiles%3Fref_%253Datv_auth_red_aft |
| Method | GET |
| Parameter | clientContext |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | url:clientContext |
| URL | https://www.amazon.com/ap/signin?accountStatusPolicy=P1&clientContext=134-9805331-2128027&language=en_US&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fvideo%2Fauth%2Freturn%2Fref%3Dav_auth_ap%3F_t%3Dsg5qgcieU_RTfbDLjO2sFrPSzyoQMf_Lmd3DaMsqB2TWKAAAAAQAAAABlcHDmcmF3AAAAAPgWC9WfHH8iB-olH_E9xQ%26location%3D%2Fgp%2Fvideo%2Fmystuff%2Fwatchlist%3Fref_%253Datv_auth_red_aft |
| Method | GET |
| Parameter | clientContext |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | url:clientContext |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | clientContext |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | url:clientContext |
| URL | https://www.amazon.com/ap/signin?clientContext=134-9805331-2128027&language=en_US&marketPlaceId=USAmazon&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3F_encoding%3DUTF8%26node%3D2238192011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D16115931011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_custrec_signin |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D2102313011%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fb%2F%3Fie%3DUTF8%26node%3D388305011%26ref_%3Dnav_signin |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fgoldbox%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Fprime%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fmusic%2Funlimited%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/b/?ie=UTF8&node=16976406011&ref_=sv_subnav_goldbox_2 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/b/?ie=UTF8&node=3059207011&ref_=sv_subnav_goldbox_4 |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/b/?node=2658409011 |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/%3C%23=cItem.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/%3C%23=error.button.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/%3C%23=item.image.src%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/%3C%23=link.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/%3C%23=row.url%20%23%3E?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/aw/ol/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/aw/ol/?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/aws/ssop?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/b2b-rd?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/cart/%3C%23=error.button.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/cart/%3C%23=item.image.src%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/css/homepage.html?ref=youraccount_asns_bc |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/customer-media/actions/delete/?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/customer-media/actions/edit-caption/?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/customer-media/upload?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/digital/fiona/manage?ref_=footer_myk |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/gc/widget?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/gfix?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/help/customer/display.html/ref=ord_cart_lm?nodeId=468468 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/help/customer/express/c2c/?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/legacy-handle-buy-box.html?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/lhb-adaptor/handle-buy-box/136-8493707-0325261?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8&ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/music/clipserve?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/music/wma-pop-up?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/offer-listing/ |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/offer-listing/9000?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/offer-listing/?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/offer-listing/B000?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/pdp/invitation/invite?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/redirect.html?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R1XIHQVKXSKBNJ?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/richpub/listmania/fullview/R3HQ5WJSZK6QSO?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/rl/settings?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/site-directory?ref_=nav_em_js_disabled&ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/slredirect?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/watchlist/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/watchlist/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/watchlist/ref%3Datv_auth_red_aft |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/gp/voting/?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/gp/yourstore/recs/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/music/prime/signup?cancelRedirectURL=L211c2ljL3ByaW1l¬NowRedirectURL=L211c2ljL3ByaW1l&redirectURL=L211c2ljL3BsYXllcg&ref_=dm_lnd_pm_pmtr_11f73476 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/music/unlimited/signup?notNowRedirectURL=L211c2ljL3VubGltaXRlZA%3D%3D&ref_=dm_lnd_hf_hfsgn_aab71000 |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/music/unlimited/why-hd?view=spatial-audio |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/outlet/?_encoding=UTF8&ref_=sv_subnav_goldbox_3 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/registries/ |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/registries/%3C%23=item.url%20%23%3E |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/registries/%3C%23=row.url%20%23%3E |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/registries/holiday?ref_=gr-landing-holiday |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/registries/pet?ref_=gr-landing-pet |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/registries?ref_=wedding_subnav |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/rss/people/*/reviews |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | session-id |
| Attack | |
| Evidence | 147-4280155-9611859 |
| Other Info | cookie:session-id |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/rss/people/*/reviews?ue_back=1 |
| Method | GET |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| URL | https://www.amazon.com/wedding/mp/featuredcollections?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-token |
| Attack | |
| Evidence | PhvvRLPZjgKs1trOfUnEG0Vq5VDmvQwDvSaVHwexLY5hWln0hWo2GUUgDMFeFUakJ1MybFYzGO1PE5zCVXUatoqf0ySiFlK7eoIYT/AULFHjdsMefzvQ4oUG0+xfkqFx98qGIOcgynRe7EbjulIQhB+fee4aLJrSAB8E8J67UFOBV4/DvANjS94El+yLTmjnowtNg1C7FzlAlJaGtNzb4P9RGIyHFLFoX5aUAwS0wKZadLPmf1DMTlBWsVEmZqKcuU9DmD6hRK7/aNVEHdgOgHUPuGhaQEWRnQIJryhyUUquEsTepHpUJuGgqmDZyXlPqUgVp7zJH9fSP9HsAQv4ncVmE3PV9WX2 |
| Other Info | cookie:session-token |
| URL | https://www.amazon.com/wedding/search?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/wedding/shop/top-100?ref_=wedding_subnav |
| Method | GET |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=JEhClBETtkU0oBdIyDcRBljs6i4ROdvxmGAaUnexOlFsoc4dM2tE2a-K2ZwMZbxW4fOIdCNymEqw5kH_nnLTk4YlcvaQo28mKMd2M-y6s2eKmTzPyDruHoKiLDIe47-NgUi-RWT7EG6T14igxzPjuu9BX9kQIiFvfEMSkRuXliE |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=knmx-d6YsQWKLUclBOv3foXMdABzZHO9epCo4xhtP7acpqb1m8fuTZH9ybTytVjGPoEmRSY8MVtjMaEabLjJrx5puwUfFs5qza11UHJjRXjnPPPRRxoLNd0uJSW5bBa-OYDbSAG55bF-yyR293QiADECble3zJ26kfnsX2Cbrt0 |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=r9sQFMoD3tZtpm9NUUXjo6wIWM6sU2J2hJeCgWjL-YxHKQIMygJsNhKCyM2xfhy6aurcVGqH8Roj1cDr_gybMzLw-rZjHgFKBXZBw7TKHAbMNEpzPWRIq431zpCQpxKy8WLUW12IoPfUCj0z2AF_5O2_HN4JD-99VxtZiPPq4VE |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=u6g2Igiy9eOanbsxYDniHNlPCPlYETNDNh0dqLRIvqmol6GHGhoTzzF9Dsmek6kjaLwrDX2XudS8vW9o3eBNepCp-8i9ZzbAyG9YAy4f0OjzAmFHblnwxmgNEFp6nEUzElcRk56FlOd0zCbU8pMty4sfEPxyf3dJEekPp_ZTF54 |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | AEC |
| Attack | |
| Evidence | Ackid1QnLOJ1JEXoiZ3V3pMfv2Rf_kBbxo2LZkMbq0M2jIGc7yUxfW9KoEo |
| Other Info | cookie:AEC |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | AEC |
| Attack | |
| Evidence | Ackid1SDNUOYi1S1W2xp3LUpZjyPTcXt2zAk4mx9HfGvn223l_910oUD1fI |
| Other Info | cookie:AEC |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | AEC |
| Attack | |
| Evidence | Ackid1Seb2bV26xMxx3fbwu1YPzevChA44cBaUlPivw78_6jvSTQavp_Bw |
| Other Info | cookie:AEC |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | AEC |
| Attack | |
| Evidence | Ackid1TQXh5mfxEjybeXiuyD-PtodkRHsROmljsWwKiLvOWukM2qS1Lue6E |
| Other Info | cookie:AEC |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+172 |
| Other Info | cookie:CONSENT |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+698 |
| Other Info | cookie:CONSENT |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+749 |
| Other Info | cookie:CONSENT |
| URL | https://www.google.com/ |
| Method | GET |
| Parameter | CONSENT |
| Attack | |
| Evidence | PENDING+813 |
| Other Info | cookie:CONSENT |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=BfptuzASiJ52VtO4glBuRdZ-3IUVJqoVRqB7PLaB6MMFYSB07aZQQj4D6oOXRGsV7v40Jd4voC6qPJHugE3Mh99pW0ooZX3poH0Nwm7pBaQ7v-RO-gloOeSLdGLkld3XoVDpRCwcVFVU6hbTGiaOjiAEKQK7MvAsvaVpGU_X5newAHcoqlgmcEknHAHaoV8 |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=IBgXpmy9HoUh6i-PfsNOsOuM_UxREkicyzsSXmPAJjSMQC30azy9wTXtLV-_THewxCWEVahaaPDcxuILiiMjF0d3YCyNHSF9z5BNL6HAL-slW_1O1Ela1lfZtJlHOyQYRhOiZt7XBxgsKC9ebF7j66wvg3vZh3APo8wflA774lGRLtk9zw3vTl54hvcYuKTI |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=KkKILj-VDPB7VyW3jbgDdyOzjGjgSGZakV_peBB1-b5N2T3-MkIDoUBm3J3YMo7L6LRxN5YUMeQgEva4PuAGyQSWxMmRtN6UV2XGzFGZ9KXm3luWdyAu4G3g--7fo_HD7ukQw1N6xNUaAkDv1dtny1CXVgnYKk51DVZUXplXTPTahk4p3u05NLbqdCaiu-4_ |
| Other Info | cookie:__Secure-ENID |
| URL | https://www.google.com/client_204?cs=2&opi=89978449 |
| Method | GET |
| Parameter | __Secure-ENID |
| Attack | |
| Evidence | 16.SE=YHdrjhl60LnJLG_qLWfZMcVvkgtmpsWkTGesHOMk4oKpe_gL6xYOBgVjnmUWu5GtQpH4mT4ACo68SgRbuAT0N3-_9_8MswsVLuuduorLEz9ITolmiwi5YV-I58jV1Fx671i80SLpN1FiKy1vLuVvGltwVOh7qcVGMNHlgb6SBd69LGn_fm6Nh1tcOtRcj4GU |
| Other Info | cookie:__Secure-ENID |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | NID |
| Attack | |
| Evidence | 511=WRXNjR8uYqa33LiFFztn5VvA8uFq6llIzNmzsIHshZyMnC6rI4uryxQTfbydYI2_B83aICvQ_PV-9OK6NRh3YmQHQBmmyIytc8nn9mvxGgPw-TcdVs8B2GkaXgPPNGs7turDQw6UcILfRE2SiBNIiORsklWS3BzDBUzP7YRBQItERz3IcBJIyaGL6vNU |
| Other Info | cookie:NID |
| URL | https://consent.google.com/save?continue=https://www.google.com/&gl=BG&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20231204-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true |
| Method | POST |
| Parameter | SOCS |
| Attack | |
| Evidence | CAISHAgBEhJnd3NfMjAyMzEyMDQtMF9SQzEaAmVuIAEaBgiA876rBg |
| Other Info | cookie:SOCS |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | session-id-time |
| Attack | |
| Evidence | 2082787201l |
| Other Info | cookie:session-id-time |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | ubid-main |
| Attack | |
| Evidence | 134-9805331-2128027 |
| Other Info | cookie:ubid-main |
| Instances | 398 |
| Solution |
This is an informational alert rather than a vulnerability and so there is nothing to fix.
|
| Reference | https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10112 |
|
Informational |
User Controllable Charset |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where Content-Type or meta tag charset declarations might be user-controlled. Such charset declarations should always be declared by the application. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks. For example, an attacker controlling the <meta> element charset value is able to declare UTF-7 and is also able to include enough user-controlled payload early in the HTML document to have it interpreted as UTF-7. By encoding their payload with UTF-7 the attacker is able to bypass any server-side XSS protections and embed script in the page.
|
| URL | https://www.amazon.com/dp/B07984JN3L?ie=UTF-8&plattr=ACOMFO |
| Method | GET |
| Parameter | ie |
| Attack | |
| Evidence | |
| Other Info | A(n) [META] tag [Content-Type] attribute The user input found was: ie=UTF-8 The charset value it controlled was: UTF-8 |
| Instances | 1 |
| Solution |
Force UTF-8 in all charset declarations. If user-input is required to decide a charset declaration, ensure that only an allowed list is used.
|
| Reference | |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10030 |
|
Informational |
User Controllable HTML Element Attribute (Potential XSS) |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
|
| URL | https://www.amazon.com/132-3165371-6872408?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | *Version* |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/132-3165371-6872408?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: *Version*=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/145-5865731-3714800?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 |
| Method | GET |
| Parameter | *Version* |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/145-5865731-3714800?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: *Version*=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dfooter_yo&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | showRmrMe |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dfooter_yo&pageId=webcs-yourorder&showRmrMe=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showRmrMe=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_AccountFlyout_orders&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | showRmrMe |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_AccountFlyout_orders&pageId=webcs-yourorder&showRmrMe=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showRmrMe=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_orders_first&pageId=webcs-yourorder&showRmrMe=1 |
| Method | GET |
| Parameter | showRmrMe |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Forder-history%3Fie%3DUTF8%26ref_%3Dnav_orders_first&pageId=webcs-yourorder&showRmrMe=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showRmrMe=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon |
| Method | GET |
| Parameter | pageId |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/ap/signin?language=en_US&openid.assoc_handle=amzn_swa_desktop_na&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fhz5%2Fyourmembershipsandsubscriptions%3Fref_%3Dnav_AccountFlyout_digital_subscriptions&pageId=amazon appears to include user input in: a(n) [i] tag [aria-label] attribute The user input found was: pageId=amazon The user-controlled value was: amazon |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: keywords=ZAP The user-controlled value was: zap mask ztox softness nourish discipline professional use 950g/33.51 oz |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: keywords=ZAP The user-controlled value was: zap me leva black and detox kit 2l | brazilian keratin treatment | progressive brush | smoothing system | frizzy free | volum |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: keywords=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | qid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 appears to include user input in: a(n) [input] tag [data-qid] attribute The user input found was: qid=1701867726 The user-controlled value was: 1701867726 |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | qid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: qid=1701867726 The user-controlled value was: 1701867726 |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | sr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 appears to include user input in: a(n) [input] tag [data-sr] attribute The user input found was: sr=8-13 The user-controlled value was: 8-13 |
| URL | https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 |
| Method | GET |
| Parameter | sr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Capillary-Zap-Professional-Eliminates-33-51fl-oz/dp/B079QZ9TQG/ref=sr_1_13?keywords=ZAP&qid=1701867726&sr=8-13 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: sr=8-13 The user-controlled value was: 8-13 |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [div] tag [data-csa-c-asin] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [div] tag [data-detailPageAsin] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [input] tag [data-asin] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [li] tag [data-csa-c-item-id] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [li] tag [data-defaultAsin] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/b/ The user-controlled value was: /b/ |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/b/ The user-controlled value was: /b/?_encoding=utf8&ld=azussoa-sell&node=12766669011&ref_=nav_cs_sell |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/b/ The user-controlled value was: /b/?node=18190131011&ld=azussoa-seemore&ref_=footer_seemore |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/b The user-controlled value was: /b |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/b The user-controlled value was: /b/?_encoding=utf8&ld=azussoa-sell&node=12766669011&ref_=nav_cs_sell |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/b The user-controlled value was: /b/?node=18190131011&ld=azussoa-seemore&ref_=footer_seemore |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fb&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/b The user-controlled value was: /business?ref_=footer_retail_b2b |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/customer-preferences/country The user-controlled value was: /customer-preferences/country |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fcountry&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/customer-preferences/country The user-controlled value was: /customer-preferences/country?ie=utf8&preferencesreturnurl=%2f&ref_=footer_icp_cp |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/customer-preferences/edit The user-controlled value was: /customer-preferences/edit |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/customer-preferences/edit The user-controlled value was: /customer-preferences/edit?ie=utf8&preferencesreturnurl=%2f&ref_=footer_lang |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/customer-preferences/edit The user-controlled value was: /customer-preferences/edit?ie=utf8&preferencesreturnurl=%2f&ref_=topnav_lang_ais |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fcustomer-preferences%2Fedit&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/customer-preferences/edit The user-controlled value was: /customer-preferences/edit?ie=utf8&ref_=footer_cop&preferencesreturnurl=%2fcustomer-preferences%2fedit |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3DcItem.url%2520%2523%253E&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/%3C%23=cItem.url%20%23%3E The user-controlled value was: /gcx/-/gfhz/%3c%23=citem.url%20%23%3e |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Derror.button.url%2520%2523%253E&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/%3C%23=error.button.url%20%23%3E The user-controlled value was: /gcx/-/gfhz/%3c%23=error.button.url%20%23%3e |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.image.src%2520%2523%253E&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/%3C%23=item.image.src%20%23%3E The user-controlled value was: /gcx/-/gfhz/%3c%23=item.image.src%20%23%3e |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Ditem.url%2520%2523%253E&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/%3C%23=item.url%20%23%3E The user-controlled value was: /gcx/-/gfhz/%3c%23=item.url%20%23%3e |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Dlink.url%2520%2523%253E&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/%3C%23=link.url%20%23%3E The user-controlled value was: /gcx/-/gfhz/%3c%23=link.url%20%23%3e |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2F%253C%2523%3Drow.url%2520%2523%253E&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/%3C%23=row.url%20%23%3E The user-controlled value was: /gcx/-/gfhz/%3c%23=row.url%20%23%3e |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/add-wishlist The user-controlled value was: /gcx/-/gfhz/add-wishlist |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2F-%2Fgfhz%2Fget&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/-/gfhz/get The user-controlled value was: /gcx/-/gfhz/get |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgcx%2FGifts-for-Adults%2Fgfhz%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gcx/Gifts-for-Adults/gfhz/ The user-controlled value was: /gcx/gifts-for-adults/gfhz/ |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gift-cards/b/ The user-controlled value was: /gift-cards/b/ |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgift-cards%2Fb%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gift-cards/b/ The user-controlled value was: /gift-cards/b/?ie=utf8&node=2238192011&ref_=nav_cs_gc |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html?node=10232440011&ref_=footer_reload_us |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html?node=16218619011&ref_=footer_swp |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html?node=2102313011&ref_=footer_devices |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fbrowse.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/browse.html The user-controlled value was: /gp/browse.html?node=388305011&ref_=footer_tfx |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/cart/view.html The user-controlled value was: /gp/cart/view.html |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fcart%2Fview.html&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/cart/view.html The user-controlled value was: /gp/cart/view.html?ref_=nav_cart |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/goldbox The user-controlled value was: /gp/goldbox |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fgoldbox&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/goldbox The user-controlled value was: /gp/goldbox?ref_=nav_cs_gb |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/history/ The user-controlled value was: /gp/history/ |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fhistory&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/history The user-controlled value was: /gp/history |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fwedding%2Fhomepage%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/wedding/homepage/ The user-controlled value was: /gp/wedding/homepage/ |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore%2Frecs%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/yourstore/recs/ The user-controlled value was: /gp/yourstore/recs/ |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fgp%2Fyourstore&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp/yourstore The user-controlled value was: /gp/yourstore |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fhz%2Fwishlist%2Fintro&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/hz/wishlist/intro The user-controlled value was: /hz/wishlist/intro |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Fprime&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/music/prime The user-controlled value was: /music/prime |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fmusic%2Funlimited&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/music/unlimited The user-controlled value was: /music/unlimited |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/privacyprefs The user-controlled value was: /privacyprefs |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fprivacyprefs&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/privacyprefs The user-controlled value was: /privacyprefs?ref_=footer_iba |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries%2F&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/registries/ The user-controlled value was: /registries/ |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fregistries&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/registries The user-controlled value was: /registries |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/s The user-controlled value was: /s |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/s The user-controlled value was: /services?ref_=footer_services |
| URL | https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?ie=UTF8&preferencesReturnUrl=%2Fs&ref_=footer_cop appears to include user input in: a(n) [form] tag [action] attribute The user input found was: preferencesReturnUrl=/s The user-controlled value was: /s/ref=nb_sb_noss |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/bit/ref=footer_bit_v2_us_a0029?bitcampaigncode=a0029 |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/browse.html?node=10232440011&ref_=footer_reload_us |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/browse.html?node=14498690011&ref_=amzn_nav_ftr_swa |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/browse.html?node=16218619011&ref_=footer_swp |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/browse.html?node=2102313011&ref_=footer_devices |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/browse.html?node=230659011&ref_=footer_amazonglobal |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/browse.html?node=388305011&ref_=footer_tfx |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/cart/view.html?ref_=nav_cart |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/css/order-history?ref_=nav_orders_first |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/css/returns/homepage.html?ref_=footer_hy_f_4 |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/digital/fiona/manage?ref_=footer_myk |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/goldbox?ref_=nav_cs_gb |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/help/customer/accessibility |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/help/customer/display.html?nodeid=468496&ref_=footer_privacy |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/help/customer/display.html?nodeid=468520&ref_=footer_shiprates |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/help/customer/display.html?nodeid=508088&ref_=footer_cou |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/help/customer/display.html?nodeid=508510&ref_=footer_gw_m_b_he |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/help/customer/display.html?nodeid=508510&ref_=nav_cs_customerservice |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/help/customer/display.html?nodeid=gdfu3js5al6syhrd&ref_=footer_covid |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/history |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/seller-account/mm-summary-page.html?ld=azfooterselfpublish&topic=200260520&ref_=footer_publishing |
| URL | https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp |
| Method | GET |
| Parameter | preferencesReturnUrl |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/customer-preferences/edit?preferencesReturnUrl=/gp appears to include user input in: a(n) [a] tag [href] attribute The user input found was: preferencesReturnUrl=/gp The user-controlled value was: /gp/site-directory?ref_=nav_em_js_disabled |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/167182c2?showvariations=true |
| URL | https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/167182c2/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09QXYQX98&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/34f9f54f?showvariations=true |
| URL | https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/34f9f54f/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07WXNHVXH&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/3dc525f9?showvariations=true |
| URL | https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3dc525f9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09SK96KRS&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/3f419c53?showvariations=true |
| URL | https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/3f419c53/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B072NHMG4N&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/4ec3d466?showvariations=true |
| URL | https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/4ec3d466/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09N9ZN578&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/6bdcecff?showvariations=true |
| URL | https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/6bdcecff/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0B2SH4CN6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/7157647b?showvariations=true |
| URL | https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7157647b/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CFZ5F9J2&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/7ab43e26?showvariations=true |
| URL | https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/7ab43e26/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CD8YMKWC&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/88a18097?searchalias=fashion&showvariations=true |
| URL | https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/88a18097/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B09H7LPV13&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&searchAlias=fashion&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/95b69251?showvariations=true |
| URL | https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/95b69251/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B003VWXZQ0&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/b643ddf8?showvariations=true |
| URL | https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/b643ddf8/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0941PVLYN&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/cf754241?showvariations=true |
| URL | https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/cf754241/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B0CGTD5KVT&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/d0783fb4?showvariations=true |
| URL | https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/d0783fb4/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B00QNWEOA6&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: showVariations=true The user-controlled value was: https://www.amazon.com/deal/e8f7ddb9?showvariations=true |
| URL | https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true |
| Method | GET |
| Parameter | showVariations |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/deal/e8f7ddb9/?_encoding=UTF8&content-id=amzn1.sym.3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pd_rd_i=B07VM1HQ87&pd_rd_r=44a6bc4c-b505-4da2-8565-050e933fa24c&pd_rd_w=bGbAh&pd_rd_wg=amCmC&pf_rd_p=3c339ec0-ad4b-45f2-b5a2-5ce0a481c929&pf_rd_r=QVAAGKRY13968VZP707Y&showVariations=true appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: showVariations=true The user-controlled value was: true |
| URL | https://www.amazon.com/dp/B07984JN3L?ie=UTF-8&plattr=ACOMFO |
| Method | GET |
| Parameter | ie |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/dp/B07984JN3L?ie=UTF-8&plattr=ACOMFO appears to include user input in: a(n) [meta] tag [charset] attribute The user input found was: ie=UTF-8 The user-controlled value was: utf-8 |
| URL | https://www.amazon.com/EIOTCLUB-Prepaid-LTE-Cellular-Card/dp/B096X8471C/ref=nta-top-sellers_d_sccl_1_8/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/EIOTCLUB-Prepaid-LTE-Cellular-Card/dp/B096X8471C/ref=nta-top-sellers_d_sccl_1_8/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: psc=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2Bw%2BSZ5NKCNicxUMlC%2Bk0dQ%3D%3D&amzn-r=%2Fref%3Dnav_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=%2Bw%2BSZ5NKCNicxUMlC%2Bk0dQ%3D%3D&amzn-r=%2Fref%3Dnav_logo&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ref=nav_logo The user-controlled value was: /ref=nav_logo |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=%2F3fuOxEhwt63ufV6T0bxcA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=%2F3fuOxEhwt63ufV6T0bxcA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust The user-controlled value was: /ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fyourstore%2f%3fie%3dutf8%26ref_%3dnav_newcust |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=03tZvbYvlNFf2acq5oHUcQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fwrite-a-review.html%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=03tZvbYvlNFf2acq5oHUcQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fwrite-a-review.html%3Fue_back%3D1&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/customer-reviews/write-a-review.html?ue_back=1 The user-controlled value was: /gp/customer-reviews/write-a-review.html?ue_back=1 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=08uZdACqvtGgyluS825gmg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=08uZdACqvtGgyluS825gmg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/video/mystuff The user-controlled value was: /gp/video/mystuff |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0Lihl1baWvhf6TOkXodwsA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=0Lihl1baWvhf6TOkXodwsA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/rate-this-item The user-controlled value was: /gp/product/rate-this-item |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=0YOsOdJkoTlrb2JQ0RFSDA%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=0YOsOdJkoTlrb2JQ0RFSDA%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/orc/rml/ The user-controlled value was: /gp/orc/rml/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=1QT5N1E%2BoHYA3uY20Z45Qw%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=1QT5N1E%2BoHYA3uY20Z45Qw%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/manual-submit/ The user-controlled value was: /dp/manual-submit/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2%2BTC4M6etm0GUm88X8TuOQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=2%2BTC4M6etm0GUm88X8TuOQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin The user-controlled value was: /ap/signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=2UjxEKDb5KJ%2F9hQYTEgkuA%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=2UjxEKDb5KJ%2F9hQYTEgkuA%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ss/customer-reviews/lighthouse/ The user-controlled value was: /ss/customer-reviews/lighthouse/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3c9Q%2BP%2FBegFwrtaVnNB7JQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=3c9Q%2BP%2FBegFwrtaVnNB7JQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgcx%2f-%2fgfhz%2fadd-wishlist%2f%3f_encoding%3dutf8%26ref_%3dnav_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3LujxYM0A0USyG2OFfjV7w%3D%3D&amzn-r=%2Fref%3Dcs_503_link&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=3LujxYM0A0USyG2OFfjV7w%3D%3D&amzn-r=%2Fref%3Dcs_503_link&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ref=cs_503_link The user-controlled value was: /ref=cs_503_link |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=3v%2FH%2F%2Fp8hxS87L1CRjIe8g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=3v%2FH%2F%2Fp8hxS87L1CRjIe8g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/132-3165371-6872408?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 The user-controlled value was: /132-3165371-6872408?%2aversion%2a=1&%2aentries%2a=0&ie=utf8 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=4L6GAxTLeRFZV1Ql%2F0XDbg%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=4L6GAxTLeRFZV1Ql%2F0XDbg%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/145-5865731-3714800?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 The user-controlled value was: /145-5865731-3714800?%2aversion%2a=1&%2aentries%2a=0&ie=utf8 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5PEpbY7VE%2Fx%2BF4QsbQCCsA%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=5PEpbY7VE%2Fx%2BF4QsbQCCsA%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/video/settings The user-controlled value was: /gp/video/settings |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=5wtQMuRaMjiNWnLNzrc%2FVQ%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=5wtQMuRaMjiNWnLNzrc%2FVQ%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/en$ The user-controlled value was: /-/en$ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=7fi5ByKad%2BdcvxZljfMzqA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=7fi5ByKad%2BdcvxZljfMzqA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fyourstore%2f%3fie%3dutf8%26ref_%3dnav_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=89kxzNpqpBqZafLdlFX0nQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=89kxzNpqpBqZafLdlFX0nQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_newcust The user-controlled value was: /ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgcx%2f-%2fgfhz%2fadd-wishlist%2f%3f_encoding%3dutf8%26ref_%3dnav_custrec_newcust |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=8T23TyPKJ9nYw28W4EnfEw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=8T23TyPKJ9nYw28W4EnfEw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/rate-this-item The user-controlled value was: /gp/product/rate-this-item |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=95jTc%2Fjf17cFyeMo2q5R7g%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=95jTc%2Fjf17cFyeMo2q5R7g%3D%3D&amzn-r=%2F-%2Fen%24&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/en$ The user-controlled value was: /-/en$ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=97fM1dyt3h9Jc6nkywTmLA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=97fM1dyt3h9Jc6nkywTmLA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust The user-controlled value was: /ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fhistory%2f%3fie%3dutf8%26ref_%3dnav_custrec_newcust |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9AQHcF15x6pT5YUsFxlgBg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=9AQHcF15x6pT5YUsFxlgBg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_newcust The user-controlled value was: /ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fhistory%2f%3fie%3dutf8%26ref_%3dnav_newcust |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9dkyynGR9nYfowg38vfKbQ%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=9dkyynGR9nYfowg38vfKbQ%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/zh_TW$ The user-controlled value was: /-/zh_tw$ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9OGFBL46Q7pNVyNctgZC0w%3D%3D&amzn-r=%2Fhz%2Fmycd%2Fmyx%3FpageType%3Dcontent%26ref_%3Dnav_AccountFlyout_myk&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=9OGFBL46Q7pNVyNctgZC0w%3D%3D&amzn-r=%2Fhz%2Fmycd%2Fmyx%3FpageType%3Dcontent%26ref_%3Dnav_AccountFlyout_myk&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/hz/mycd/myx?pageType=content&ref_=nav_AccountFlyout_myk The user-controlled value was: /hz/mycd/myx?pagetype=content&ref_=nav_accountflyout_myk |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=9Z05sBM3FDHZbxQkWsnZ0Q%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=9Z05sBM3FDHZbxQkWsnZ0Q%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/e-mail-friend/ The user-controlled value was: /dp/e-mail-friend/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=apEvdI6SD8q8%2Bj6RqXItyg%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=apEvdI6SD8q8%2Bj6RqXItyg%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/product-reviews/B0069IY63Y The user-controlled value was: /product-reviews/b0069iy63y |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BdXJNklVh%2FTo3oUFbCnlxg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=BdXJNklVh%2FTo3oUFbCnlxg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/reviews/iframe The user-controlled value was: /reviews/iframe |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=BMw1tPBj4bD27JeQvJERag%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=BMw1tPBj4bD27JeQvJERag%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/shipping/ The user-controlled value was: /dp/shipping/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=c2HyZR58QutNLD12xni6Nw%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=c2HyZR58QutNLD12xni6Nw%3D%3D&amzn-r=%2Fss%2Fcustomer-reviews%2Flighthouse%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ss/customer-reviews/lighthouse/ The user-controlled value was: /ss/customer-reviews/lighthouse/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=C7pO3cDUAWU%2FidqGpXFrjg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fiyr%2F%3Fie%3DUTF8%26ref_%3Dsv_ys_3&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=C7pO3cDUAWU%2FidqGpXFrjg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fiyr%2F%3Fie%3DUTF8%26ref_%3Dsv_ys_3&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/yourstore/iyr/?ie=UTF8&ref_=sv_ys_3 The user-controlled value was: /gp/yourstore/iyr/?ie=utf8&ref_=sv_ys_3 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=cHeprgreEvleNxcpw6qQ7g%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=cHeprgreEvleNxcpw6qQ7g%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub The user-controlled value was: /ap/signin?language=en_us&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3a%2f%2fwww.amazon.com%2fcreatorhub |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Czxv0r4fsgCtUApC77nCZA%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=Czxv0r4fsgCtUApC77nCZA%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/he/ The user-controlled value was: /-/he/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=D2GoufXGvut9%2FZMuYkd9sQ%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fauth-redirect%2Fref%3Datv_auth_red_bef%3FreturnUrl%3D%2Fgp%2Fvideo%2Fmystuff%2Fref%253Datv_auth_red_aft&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=D2GoufXGvut9%2FZMuYkd9sQ%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fauth-redirect%2Fref%3Datv_auth_red_bef%3FreturnUrl%3D%2Fgp%2Fvideo%2Fmystuff%2Fref%253Datv_auth_red_aft&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/video/auth-redirect/ref=atv_auth_red_bef?returnUrl=/gp/video/mystuff/ref%3Datv_auth_red_aft The user-controlled value was: /gp/video/auth-redirect/ref=atv_auth_red_bef?returnurl=/gp/video/mystuff/ref%3datv_auth_red_aft |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=DnotI5d00ATvL%2FoB2Njr5w%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub%252F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=DnotI5d00ATvL%2FoB2Njr5w%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Flanguage%3DEN_US%26openid.assoc_handle%3Damzn_creatorportal_mobile_us%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D3600%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fcreatorhub%252F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?language=EN_US&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fcreatorhub%2F The user-controlled value was: /ap/signin?language=en_us&openid.assoc_handle=amzn_creatorportal_mobile_us&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=3600&openid.return_to=https%3a%2f%2fwww.amazon.com%2fcreatorhub%2f |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=E%2FKdDDIE0Gs6JwlreVZSrg%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=E%2FKdDDIE0Gs6JwlreVZSrg%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/he$ The user-controlled value was: /-/he$ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eJOcfxJSLiZ0gj%2BmnQ4giQ%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=eJOcfxJSLiZ0gj%2BmnQ4giQ%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/product-availability/ The user-controlled value was: /dp/product-availability/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=eSdz%2BgPr%2BBR7xoxjOIfsSw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=eSdz%2BgPr%2BBR7xoxjOIfsSw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/e-mail-friend The user-controlled value was: /gp/product/e-mail-friend |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ESObOh2M%2BMzmGyC8otRToQ%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=ESObOh2M%2BMzmGyC8otRToQ%3D%3D&amzn-r=%2F145-5865731-3714800%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/145-5865731-3714800?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 The user-controlled value was: /145-5865731-3714800?%2aversion%2a=1&%2aentries%2a=0&ie=utf8 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=f5ESAwpSkihjQPIl%2Bs9hlA%3D%3D&amzn-r=%2F%3Fref_%3Dfooter_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=f5ESAwpSkihjQPIl%2Bs9hlA%3D%3D&amzn-r=%2F%3Fref_%3Dfooter_logo&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/?ref_=footer_logo The user-controlled value was: /?ref_=footer_logo |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=FcYso%2F%2BzwFW3yW%2B%2Fwf7JMg%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=FcYso%2F%2BzwFW3yW%2B%2Fwf7JMg%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/customer-reviews/dynamic/sims-box The user-controlled value was: /gp/customer-reviews/dynamic/sims-box |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=fFfU2T%2FD4%2FQzYRxmhnr52g%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=fFfU2T%2FD4%2FQzYRxmhnr52g%3D%3D&amzn-r=%2F-%2Fhe%24&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/he$ The user-controlled value was: /-/he$ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Ffm%2BNimpxLDgRmnUlPCD%2FA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=Ffm%2BNimpxLDgRmnUlPCD%2FA%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/e-mail-friend The user-controlled value was: /gp/product/e-mail-friend |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ha10fxEJzSh0nMyxhNHj8Q%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=ha10fxEJzSh0nMyxhNHj8Q%3D%3D&amzn-r=%2Fdp%2Fshipping%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/shipping/ The user-controlled value was: /dp/shipping/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=HbRcpcErDWcoTPiIjQDrsw%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=HbRcpcErDWcoTPiIjQDrsw%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fdynamic%2Fsims-box&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/customer-reviews/dynamic/sims-box The user-controlled value was: /gp/customer-reviews/dynamic/sims-box |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=hWVbQrVPP60R%2FMEYDNFUqg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=hWVbQrVPP60R%2FMEYDNFUqg%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fyourstore%2f%3fie%3dutf8%26ref_%3dnav_custrec_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IBfhlLDppwFRNkZKaih9Tw%3D%3D&amzn-r=%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-sell%26node%3D12766669011%26ref_%3Dnav_cs_sell&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=IBfhlLDppwFRNkZKaih9Tw%3D%3D&amzn-r=%2Fb%2F%3F_encoding%3DUTF8%26ld%3DAZUSSOA-sell%26node%3D12766669011%26ref_%3Dnav_cs_sell&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/b/?_encoding=UTF8&ld=AZUSSOA-sell&node=12766669011&ref_=nav_cs_sell The user-controlled value was: /b/?_encoding=utf8&ld=azussoa-sell&node=12766669011&ref_=nav_cs_sell |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ic88goIdY908wj6AsV8uHQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=ic88goIdY908wj6AsV8uHQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fyourstore%2f%3fie%3dutf8%26ref_%3dnav_ya_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IgYhIcpecxxWcC1CwgCm6w%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=IgYhIcpecxxWcC1CwgCm6w%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/cdp/member-reviews/ The user-controlled value was: /gp/cdp/member-reviews/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=IKULlAVXx5%2B3JVfsoGdx7A%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=IKULlAVXx5%2B3JVfsoGdx7A%3D%3D&amzn-r=%2Fgp%2Forc%2Frml%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/orc/rml/ The user-controlled value was: /gp/orc/rml/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=itO3%2BJP6Ug64elgLVDhWQQ%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=itO3%2BJP6Ug64elgLVDhWQQ%3D%3D&amzn-r=%2Fgp%2Fcdp%2Fmember-reviews%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/cdp/member-reviews/ The user-controlled value was: /gp/cdp/member-reviews/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=jGyPq5xFSGjtlCbvS8hq8Q%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=jGyPq5xFSGjtlCbvS8hq8Q%3D%3D&amzn-r=%2Fdp%2Fmanual-submit%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/manual-submit/ The user-controlled value was: /dp/manual-submit/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=L5KXWOaTj0isegvpVanBeg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fhome%2F%3Fie%3DUTF8%26ref_%3Dtopnav_storetab_ys&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=L5KXWOaTj0isegvpVanBeg%3D%3D&amzn-r=%2Fgp%2Fyourstore%2Fhome%2F%3Fie%3DUTF8%26ref_%3Dtopnav_storetab_ys&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/yourstore/home/?ie=UTF8&ref_=topnav_storetab_ys The user-controlled value was: /gp/yourstore/home/?ie=utf8&ref_=topnav_storetab_ys |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=lmOkLtqxprRCC9EF%2FZOFHQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=lmOkLtqxprRCC9EF%2FZOFHQ%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/customer-reviews/common/du The user-controlled value was: /gp/customer-reviews/common/du |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=moJ2W1sEIk5sorRfxeE4jw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=moJ2W1sEIk5sorRfxeE4jw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fe-mail-friend&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/e-mail-friend The user-controlled value was: /gp/product/e-mail-friend |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=nC%2BIi4ovQgV0mddORPTlFg%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=nC%2BIi4ovQgV0mddORPTlFg%3D%3D&amzn-r=%2F-%2Fzh_TW%24&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/zh_TW$ The user-controlled value was: /-/zh_tw$ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=NprXEQdwV%2BMflR6xPECeGA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=NprXEQdwV%2BMflR6xPECeGA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_custrec_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgcx%2f-%2fgfhz%2fadd-wishlist%2f%3f_encoding%3dutf8%26ref_%3dnav_custrec_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=oCXu0M3f0U%2BzmrEAPhaLTQ%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=oCXu0M3f0U%2BzmrEAPhaLTQ%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/rate-this-item/ The user-controlled value was: /dp/rate-this-item/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=ODTLp74NeoowmDKyrtofhQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=ODTLp74NeoowmDKyrtofhQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fyourstore%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_newcust&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fyourstore%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_newcust The user-controlled value was: /ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fyourstore%2f%3fie%3dutf8%26ref_%3dnav_custrec_newcust |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=PBV26dQb2Y1INzjq5mIGOg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=PBV26dQb2Y1INzjq5mIGOg%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fmystuff&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/video/mystuff The user-controlled value was: /gp/video/mystuff |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qJp9aWa6EQ0ORMOoPRQ6RA%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=qJp9aWa6EQ0ORMOoPRQ6RA%3D%3D&amzn-r=%2Fdp%2Frate-this-item%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/rate-this-item/ The user-controlled value was: /dp/rate-this-item/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=qootGElqNGNfpg%2Bx7sUGqw%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=qootGElqNGNfpg%2Bx7sUGqw%3D%3D&amzn-r=%2Fgp%2Fvideo%2Fsettings&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/video/settings The user-controlled value was: /gp/video/settings |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=r6Uog%2FdbGV4fFmxHdfuShg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=r6Uog%2FdbGV4fFmxHdfuShg%3D%3D&amzn-r=%2Freviews%2Fiframe&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/reviews/iframe The user-controlled value was: /reviews/iframe |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=RjMI0bt%2BzVNA3JMjMzJg2Q%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=RjMI0bt%2BzVNA3JMjMzJg2Q%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fregister%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_newcust&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust The user-controlled value was: /ap/register?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgcx%2f-%2fgfhz%2fadd-wishlist%2f%3f_encoding%3dutf8%26ref_%3dnav_newcust |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=roxXxt79k1e3OYCnTuWDqQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=roxXxt79k1e3OYCnTuWDqQ%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_custrec_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_custrec_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fhistory%2f%3fie%3dutf8%26ref_%3dnav_custrec_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=sM62fbadJtqMKBmZutzqTQ%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=sM62fbadJtqMKBmZutzqTQ%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/product-availability The user-controlled value was: /gp/product/product-availability |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=SOJEh0g5GNh3yz21vEi58w%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=SOJEh0g5GNh3yz21vEi58w%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/zh_TW/ The user-controlled value was: /-/zh_tw/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/es/ The user-controlled value was: /-/es/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=TPrVoS7TZJKBS8yyPCheYw%3D%3D&amzn-r=%2F-%2Fhe%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/he/ The user-controlled value was: /-/he/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=TWOp0asBI%2FWBWTIkLTtsjA%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=TWOp0asBI%2FWBWTIkLTtsjA%3D%3D&amzn-r=%2Fgp%2Fcustomer-reviews%2Fcommon%2Fdu&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/customer-reviews/common/du The user-controlled value was: /gp/customer-reviews/common/du |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UHco0R4f7vMNkEDM0GQbJA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=UHco0R4f7vMNkEDM0GQbJA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fhistory%2f%3fie%3dutf8%26ref_%3dnav_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=uppjsyIHBaraQddL4MAISw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=uppjsyIHBaraQddL4MAISw%3D%3D&amzn-r=%2F-%2Fes%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/es/ The user-controlled value was: /-/es/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Uqe%2Bj44L232HSBHTqi%2FQzA%3D%3D&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=Uqe%2Bj44L232HSBHTqi%2FQzA%3D%3D&amzn-r=%2Fap%2Fsignin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin The user-controlled value was: /ap/signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=UQmQcTwDE1aALXI5YMgUmg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=UQmQcTwDE1aALXI5YMgUmg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/socialmedia/giveaways The user-controlled value was: /gp/socialmedia/giveaways |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=v74vI2HNtwdsMew0%2BCa4yg%3D%3D&amzn-r=%2Fgp%2Fentity-alert%2Fexternal%3Fue_back%3D1&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=v74vI2HNtwdsMew0%2BCa4yg%3D%3D&amzn-r=%2Fgp%2Fentity-alert%2Fexternal%3Fue_back%3D1&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/entity-alert/external?ue_back=1 The user-controlled value was: /gp/entity-alert/external?ue_back=1 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VMnQX6Wwf9aoBCz%2FnmLPHg%3D%3D&amzn-r=%2Fref%3Dcs_503_logo&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=VMnQX6Wwf9aoBCz%2FnmLPHg%3D%3D&amzn-r=%2Fref%3Dcs_503_logo&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ref=cs_503_logo The user-controlled value was: /ref=cs_503_logo |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=VpYg%2FzqJm%2BlfCHmQSz%2Bi%2FA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=VpYg%2FzqJm%2BlfCHmQSz%2Bi%2FA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgcx%252F-%252Fgfhz%252Fadd-wishlist%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgcx%2F-%2Fgfhz%2Fadd-wishlist%2F%3F_encoding%3DUTF8%26ref_%3Dnav_ya_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgcx%2f-%2fgfhz%2fadd-wishlist%2f%3f_encoding%3dutf8%26ref_%3dnav_ya_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WKtfmT6sXhu4UctX4MQXpw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=WKtfmT6sXhu4UctX4MQXpw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/product-availability The user-controlled value was: /gp/product/product-availability |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wmaWYeM7tTV892Nv5IT%2Brw%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=wmaWYeM7tTV892Nv5IT%2Brw%3D%3D&amzn-r=%2F-%2Fzh_TW%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/-/zh_TW/ The user-controlled value was: /-/zh_tw/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=WU2u70mTqqsTO3A7Q01gmQ%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=WU2u70mTqqsTO3A7Q01gmQ%3D%3D&amzn-r=%2Fdp%2Fe-mail-friend%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/e-mail-friend/ The user-controlled value was: /dp/e-mail-friend/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=wW1ICK07PtAJyLMWPtekow%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=wW1ICK07PtAJyLMWPtekow%3D%3D&amzn-r=%2Fproduct-reviews%2FB0069IY63Y&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/product-reviews/B0069IY63Y The user-controlled value was: /product-reviews/b0069iy63y |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=xqei7DKY8jFewDqaI%2BL31g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=xqei7DKY8jFewDqaI%2BL31g%3D%3D&amzn-r=%2F132-3165371-6872408%3F%252AVersion%252A%3D1%26%252Aentries%252A%3D0%26ie%3DUTF8&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/132-3165371-6872408?%2AVersion%2A=1&%2Aentries%2A=0&ie=UTF8 The user-controlled value was: /132-3165371-6872408?%2aversion%2a=1&%2aentries%2a=0&ie=utf8 |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yGcmbher93sEDsbGY%2BmhpA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=yGcmbher93sEDsbGY%2BmhpA%3D%3D&amzn-pt=AuthenticationPortal&amzn-r=%2Fap%2Fsignin%3Fopenid.assoc_handle%3Dusflex%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.pape.max_auth_age%3D0%26openid.return_to%3Dhttps%253A%252F%252Fwww.amazon.com%252Fgp%252Fhistory%252F%253Fie%253DUTF8%2526ref_%253Dnav_ya_signin&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fhistory%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin The user-controlled value was: /ap/signin?openid.assoc_handle=usflex&openid.claimed_id=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.identity=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0%2fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0&openid.pape.max_auth_age=0&openid.return_to=https%3a%2f%2fwww.amazon.com%2fgp%2fhistory%2f%3fie%3dutf8%26ref_%3dnav_ya_signin |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yIpcu%2ByTIT%2BGhSDjfI7iNA%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=yIpcu%2ByTIT%2BGhSDjfI7iNA%3D%3D&amzn-r=%2Fdp%2Fproduct-availability%2F&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/product-availability/ The user-controlled value was: /dp/product-availability/ |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=yu6%2FEfW%2FwPCqmg47siCmZw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=yu6%2FEfW%2FwPCqmg47siCmZw%3D%3D&amzn-r=%2Fgp%2Fproduct%2Fproduct-availability&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/product-availability The user-controlled value was: /gp/product/product-availability |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zeQeO2v0hNNZMPEQzdgpPg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=zeQeO2v0hNNZMPEQzdgpPg%3D%3D&amzn-r=%2Fgp%2Fsocialmedia%2Fgiveaways&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/socialmedia/giveaways The user-controlled value was: /gp/socialmedia/giveaways |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=Zl3unZKkp2iFjlOckDEA6Q%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=Zl3unZKkp2iFjlOckDEA6Q%3D%3D&amzn-r=%2Fgp%2Fproduct%2Frate-this-item&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/gp/product/rate-this-item The user-controlled value was: /gp/product/rate-this-item |
| URL | https://www.amazon.com/errors/validateCaptcha?amzn=zWHXuJMe95diKgc3YS%2BIAQ%3D%3D&amzn-r=%2Fdp%2FB07984JN3L%3Fie%3DUTF-8%26plattr%3DACOMFO&field-keywords=ZAP |
| Method | GET |
| Parameter | amzn-r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/errors/validateCaptcha?amzn=zWHXuJMe95diKgc3YS%2BIAQ%3D%3D&amzn-r=%2Fdp%2FB07984JN3L%3Fie%3DUTF-8%26plattr%3DACOMFO&field-keywords=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: amzn-r=/dp/B07984JN3L?ie=UTF-8&plattr=ACOMFO The user-controlled value was: /dp/b07984jn3l?ie=utf-8&plattr=acomfo |
| URL | https://www.amazon.com/Giegxin-Natural-Tropical-Hawaiian-Costume/dp/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Giegxin-Natural-Tropical-Hawaiian-Costume/dp/B0BX2MXBH1/ref=nta-top-sellers_d_sccl_1_2/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: psc=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc |
| Method | GET |
| Parameter | ref_ |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/gift-cards/b/?ie=UTF8&node=2238192011&ref_=nav_cs_gc appears to include user input in: a(n) [a] tag [data-csa-c-content-id] attribute The user input found was: ref_=nav_cs_gc The user-controlled value was: nav_cs_gc |
| URL | https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry |
| Method | GET |
| Parameter | ref_ |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/gp/browse.html?node=16115931011&ref_=nav_cs_registry appears to include user input in: a(n) [a] tag [data-csa-c-content-id] attribute The user input found was: ref_=nav_cs_registry The user-controlled value was: nav_cs_registry |
| URL | https://www.amazon.com/gp/customer-reviews/write-a-review.html?ue_back=1 |
| Method | GET |
| Parameter | ue_back |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/gp/customer-reviews/write-a-review.html?ue_back=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: ue_back=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/gp/entity-alert/external?ue_back=1 |
| Method | GET |
| Parameter | ue_back |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/gp/entity-alert/external?ue_back=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: ue_back=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb |
| Method | GET |
| Parameter | ref_ |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/gp/goldbox?ref_=nav_cs_gb appears to include user input in: a(n) [a] tag [data-csa-c-content-id] attribute The user input found was: ref_=nav_cs_gb The user-controlled value was: nav_cs_gb |
| URL | https://www.amazon.com/gp/yourstore/recs/get?ue_back=1 |
| Method | GET |
| Parameter | ue_back |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/gp/yourstore/recs/get?ue_back=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: ue_back=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/hz/mycd/myx?pageType=content&ref_=nav_AccountFlyout_myk |
| Method | GET |
| Parameter | pageType |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/hz/mycd/myx?pageType=content&ref_=nav_AccountFlyout_myk appears to include user input in: a(n) [meta] tag [http-equiv] attribute The user input found was: pageType=content The user-controlled value was: content-type |
| URL | https://www.amazon.com/hz/wishlist/get?ue_back=1 |
| Method | GET |
| Parameter | ue_back |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/hz/wishlist/get?ue_back=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: ue_back=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/Iron-Flame-Empyrean-Rebecca-Yarros/dp/1649374178/ref=nta-top-sellers_d_sccl_1_5/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Iron-Flame-Empyrean-Rebecca-Yarros/dp/1649374178/ref=nta-top-sellers_d_sccl_1_5/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=1649374178&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: psc=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/Master-Lock-8417D-Python-Keyed/dp/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Master-Lock-8417D-Python-Keyed/dp/B000XTPNZK/ref=nta-top-sellers_d_sccl_1_3/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: psc=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/Nittaku-3-stars-Premium-Table-Tennis/dp/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Nittaku-3-stars-Premium-Table-Tennis/dp/B017VPIY4U/ref=nta-top-sellers_d_sccl_1_7/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: psc=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/Nokia-Unlocked-Hotspot-Assistant-Charcoal/dp/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Nokia-Unlocked-Hotspot-Assistant-Charcoal/dp/B08SV2Y7J6/ref=nta-top-sellers_d_sccl_1_6/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: psc=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | pf_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 appears to include user input in: a(n) [a] tag [aria-label] attribute The user input found was: pf_rd_i=deals The user-controlled value was: deals on musical instruments outlet - see more |
| URL | https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 |
| Method | GET |
| Parameter | pf_rd_m |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/outlet/ref=OUT_TD_EN_US/ref=cg_outtdad_1a1_w?pf_rd_i=deals&pf_rd_m=ATVPDKIKX0DER&pf_rd_p=292dbca4-faaa-4fd0-88a3-fc3b1cb6f4be&pf_rd_r=QVAAGKRY13968VZP707Y&pf_rd_s=slot-17&pf_rd_t=0 appears to include user input in: a(n) [div] tag [data-marketplaceid] attribute The user input found was: pf_rd_m=ATVPDKIKX0DER The user-controlled value was: atvpdkikx0der |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | content-id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [div] tag [data-csa-c-content-id] attribute The user input found was: content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e The user-controlled value was: amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | content-id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e The user-controlled value was: amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it bug zapper - fly zapper racket - rechargeable bug zapper racket, 4,000 volt, usb charging cable, 2 pack |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it bug zapper battery powered (2xaa included) bug zapper racket, 3,500 volt, 2 pack |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it bug zapper rechargeable bug zapper racket, electric fly swatter, mosquito zapper, 4,000 volt, usb charging cable, 2... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it electric fly swatter racket & mosquito zapper - high duty battery powered 3,500 volt electric bug zapper racket - f... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it electric indoor bug zapper (2,800 volt) plug-in 360 degree mosquito, bug, and insect killer, non-toxic attractant u... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! bug zapper rechargeable bug zapper racket w/ blue light attractant, 4,000 volt, usb charging cable |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! bug zapper rechargeable bug zapper racket, 4,000 volt, usb charging cable, 2 pack |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! electric bug zapper lantern - indoor and outdoor plug-in 360 degree mosquito control, insect and fly killers | uv ... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! electric fly swatter racket & mosquito zapper - high duty 4,000 volt electric bug zapper indoor racket - fly kille... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! electric fly swatter racket & mosquito zapper - high duty 4,000 volt electric bug zapper racket - fly killer usb r... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! electric fly swatter racket & mosquito zapper with blue light attractant - high duty 4,000 volt electric bug zappe... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! electric fly swatter racket, mosquito & fly zapper racket - high duty 4,000 volt electric handheld bug zapper rack... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zap it The user-controlled value was: zap it! mini bug zapper - rechargeable mosquito, fly killer and bug zapper racket - flies killer indoor - 4,000 volt - usb... |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=zap it The user-controlled value was: zap it |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [li] tag [aria-label] attribute The user input found was: k=zap it The user-controlled value was: zap it! |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | pd_rd_r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632 The user-controlled value was: a7a5b49a-c952-4229-a6d2-c7291965b632 |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | pd_rd_w |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pd_rd_w=7QdyG The user-controlled value was: 7qdyg |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | pd_rd_wg |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pd_rd_wg=PvDpR The user-controlled value was: pvdpr |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | pf_rd_p |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e The user-controlled value was: 9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | pf_rd_r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT The user-controlled value was: zwh9fwwdx8kttppvj6ht |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zap+it&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sugsr_5 The user-controlled value was: sugsr_5 |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | content-id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [div] tag [data-csa-c-content-id] attribute The user input found was: content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e The user-controlled value was: amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | content-id |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e The user-controlled value was: amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=zapper The user-controlled value was: zapper |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=zapper The user-controlled value was: zapper |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | pd_rd_r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632 The user-controlled value was: a7a5b49a-c952-4229-a6d2-c7291965b632 |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | pd_rd_w |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pd_rd_w=7QdyG The user-controlled value was: 7qdyg |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | pd_rd_wg |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pd_rd_wg=PvDpR The user-controlled value was: pvdpr |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | pf_rd_p |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e The user-controlled value was: 9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | pf_rd_r |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT The user-controlled value was: zwh9fwwdx8kttppvj6ht |
| URL | https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s/?content-id=amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e:amzn1.sym.9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&k=zapper&pd_rd_r=a7a5b49a-c952-4229-a6d2-c7291965b632&pd_rd_w=7QdyG&pd_rd_wg=PvDpR&pf_rd_p=9bbe09a5-e2ce-4594-80e8-ad6153d0ea3e&pf_rd_r=ZWH9FWWDX8KTTPPVJ6HT&qid=1701867726&ref=sugsr_4 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sugsr_4 The user-controlled value was: sugsr_4 |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sr_nr_p_36_5 The user-controlled value was: sr_nr_p_36_5 |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | rh |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rh=n:2972638011,p_36:2661616011 The user-controlled value was: n:2972638011,p_36:2661616011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | rnid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rnid=2661611011 The user-controlled value was: 2661611011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 |
| Method | GET |
| Parameter | rnid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3Ah3Jaj5Ppn8moXe4FXxZ%2FPq3k9kbi2jaWw0jDDxGxmPM&k=ZAP&qid=1701867726&ref=sr_nr_p_36_5&rh=n%3A2972638011%2Cp_36%3A2661616011&rnid=2661611011 appears to include user input in: a(n) [ul] tag [data-csa-c-content-id] attribute The user input found was: rnid=2661611011 The user-controlled value was: 2661611011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sr_nr_p_n_feature_two_browse-bin_4 The user-controlled value was: sr_nr_p_n_feature_two_browse-bin_4 |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | rh |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rh=n:3738021,p_n_feature_two_browse-bin:116624668011 The user-controlled value was: n:3738021,p_n_feature_two_browse-bin:116624668011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | rnid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rnid=116623716011 The user-controlled value was: 116623716011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 |
| Method | GET |
| Parameter | rnid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AM%2F70U6nXTogKup%2FNLedqQkhWuICxVyxhHQ5vaK93WGU&k=ZAP&qid=1701867726&ref=sr_nr_p_n_feature_two_browse-bin_4&rh=n%3A3738021%2Cp_n_feature_two_browse-bin%3A116624668011&rnid=116623716011 appears to include user input in: a(n) [ul] tag [data-csa-c-content-id] attribute The user input found was: rnid=116623716011 The user-controlled value was: 116623716011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it bug zapper - fly zapper racket - rechargeable bug zapper racket, 4,000 volt, usb charging cable, 2 pack |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it bug zapper rechargeable bug zapper racket, electric fly swatter, mosquito zapper, 4,000 volt, usb charging cable, 2... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it electric fly swatter racket & mosquito zapper - high duty battery powered 3,500 volt electric bug zapper racket - f... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it electric indoor bug zapper (2,800 volt) plug-in 360 degree mosquito, bug, and insect killer, non-toxic attractant u... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it! bug zapper rechargeable bug zapper racket w/ blue light attractant, 4,000 volt, usb charging cable |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it! bug zapper rechargeable bug zapper racket, 4,000 volt, usb charging cable, 2 pack |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it! electric bug zapper lantern - indoor and outdoor plug-in 360 degree mosquito control, insect and fly killers | uv ... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it! electric fly swatter racket & mosquito zapper - high duty 4,000 volt electric bug zapper racket - fly killer usb r... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it! electric fly swatter racket & mosquito zapper with blue light attractant - high duty 4,000 volt electric bug zappe... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it! electric fly swatter racket, mosquito & fly zapper racket - high duty 4,000 volt electric handheld bug zapper rack... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap it! mini bug zapper - rechargeable mosquito, fly killer and bug zapper racket - flies killer indoor - 4,000 volt - usb... |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [li] tag [aria-label] attribute The user input found was: k=ZAP The user-controlled value was: zap it! |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sr_nr_p_89_1 The user-controlled value was: sr_nr_p_89_1 |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | rh |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rh=n:2972638011,p_89:ZAP IT! The user-controlled value was: n:2972638011,p_89:zap it! |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | rnid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rnid=2528832011 The user-controlled value was: 2528832011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 |
| Method | GET |
| Parameter | rnid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3ArrbsqbqV2V%2B1OmUPnMEC62aq8ZyoUF7GS5bUlh3Qhxw&k=ZAP&qid=1701867726&ref=sr_nr_p_89_1&rh=n%3A2972638011%2Cp_89%3AZAP+IT%21&rnid=2528832011 appears to include user input in: a(n) [ul] tag [data-csa-c-content-id] attribute The user input found was: rnid=2528832011 The user-controlled value was: 2528832011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap fitness: proven training methods for distance running success |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: k=ZAP The user-controlled value was: zap squad and the sands of time |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sr_nr_n_3 The user-controlled value was: sr_nr_n_3 |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | rh |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rh=n:2625373011,n:2649512011 The user-controlled value was: n:2625373011,n:2649512011 |
| URL | https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 |
| Method | GET |
| Parameter | rnid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?dc&ds=v1%3AyiiXIf5DVcq%2BHp%2BuK6jgmjkS2iPvMY6Q0NBN1Hu9QnE&k=ZAP&qid=1701867726&ref=sr_nr_n_3&rh=n%3A2625373011%2Cn%3A2649512011&rnid=2941120011 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: rnid=2941120011 The user-controlled value was: 2941120011 |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap all time progressive brush long-lasting straightening |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap cloth - streak free, spot free - 3 cloths |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap extreme straight formaldehyde free kit 2x1l | brazilian keratin treatment | progressive brush | volume reducer | 100% ... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it bug zapper - fly zapper racket - rechargeable bug zapper racket, 4,000 volt, usb charging cable, 2 pack |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it electric fly swatter racket & mosquito zapper - high duty battery powered 3,500 volt electric bug zapper racket - f... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it electric indoor bug zapper (2,800 volt) plug-in 360 degree mosquito, bug, and insect killer, non-toxic attractant u... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! bug zapper rechargeable bug zapper racket w/ blue light attractant, 4,000 volt, usb charging cable |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! bug zapper rechargeable bug zapper racket, 4,000 volt, usb charging cable, 2 pack |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! electric bug zapper lantern - indoor and outdoor plug-in 360 degree mosquito control, insect and fly killers | uv ... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! electric fly swatter racket & mosquito zapper - high duty 4,000 volt electric bug zapper racket - fly killer usb r... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! electric fly swatter racket & mosquito zapper with blue light attractant - high duty 4,000 volt electric bug zappe... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! electric fly swatter racket, mosquito & fly zapper racket - high duty 4,000 volt electric handheld bug zapper rack... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! mini bug zapper - rechargeable mosquito, fly killer and bug zapper racket - flies killer indoor - 4,000 volt - usb... |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap mask ztox softness nourish discipline professional use 950g/33.51 oz |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap! |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap: a play. revised edition. |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [img] tag [alt] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zapped |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [input] tag [value] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | field-keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [li] tag [aria-label] attribute The user input found was: field-keywords=ZAP The user-controlled value was: zap it! |
| URL | https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?field-keywords=ZAP&ref=cs_503_search appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=cs_503_search The user-controlled value was: cs_503_search |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=zap bottle The user-controlled value was: zap bottle |
| URL | https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?k=zap+bottle&ref=sr_nr_p_cosmo_multi_pt_19 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sr_nr_p_cosmo_multi_pt_19 The user-controlled value was: sr_nr_p_cosmo_multi_pt_19 |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=zap bracelet The user-controlled value was: zap bracelet |
| URL | https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?k=zap+bracelet&ref=sr_nr_p_cosmo_multi_pt_17 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sr_nr_p_cosmo_multi_pt_17 The user-controlled value was: sr_nr_p_cosmo_multi_pt_17 |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | k |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: k=zap walking stick The user-controlled value was: zap walking stick |
| URL | https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 |
| Method | GET |
| Parameter | ref |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/s?k=zap+walking+stick&ref=sr_nr_p_cosmo_multi_pt_6 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ref=sr_nr_p_cosmo_multi_pt_6 The user-controlled value was: sr_nr_p_cosmo_multi_pt_6 |
| URL | https://www.amazon.com/Seiddons-Christmas-Velvet-Unisex-Clause/dp/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Seiddons-Christmas-Velvet-Unisex-Clause/dp/B0BBPJ1PW6/ref=nta-top-sellers_d_sccl_1_1/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: psc=1 The user-controlled value was: ie=edge,chrome=1 |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: keywords=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | qid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 appears to include user input in: a(n) [input] tag [data-qid] attribute The user input found was: qid=1701867726 The user-controlled value was: 1701867726 |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | qid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: qid=1701867726 The user-controlled value was: 1701867726 |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | sr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 appears to include user input in: a(n) [input] tag [data-sr] attribute The user input found was: sr=8-35 The user-controlled value was: 8-35 |
| URL | https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 |
| Method | GET |
| Parameter | sr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/TREND-ENTERPRISES-Reinforce-Subtraction-Probability/dp/B001JTOOEO/ref=sr_1_35?keywords=ZAP&qid=1701867726&sr=8-35 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: sr=8-35 The user-controlled value was: 8-35 |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | keywords |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: keywords=ZAP The user-controlled value was: zap |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | qid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 appears to include user input in: a(n) [input] tag [data-qid] attribute The user input found was: qid=1701867726 The user-controlled value was: 1701867726 |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | qid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: qid=1701867726 The user-controlled value was: 1701867726 |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | sr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 appears to include user input in: a(n) [input] tag [data-sr] attribute The user input found was: sr=8-40 The user-controlled value was: 8-40 |
| URL | https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 |
| Method | GET |
| Parameter | sr |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/Zapper-Electric-Indoor-Insect-Mosquito/dp/B01N5TCXWM/ref=sr_1_40?keywords=ZAP&qid=1701867726&sr=8-40 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: sr=8-40 The user-controlled value was: 8-40 |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-atomic] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-is-sponsored-label-active] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-sponsored] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-use-inline-experience] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [input] tag [value] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [data-a-strike] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | items[0.base][asin] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: items[0.base][asin]=B0BBPJ1PW6 The user-controlled value was: b0bbpj1pw6 |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_1_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BBPJ1PW6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B0BBPJ1PW6 The user-controlled value was: b0bbpj1pw6 |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-atomic] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-is-sponsored-label-active] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-sponsored] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-use-inline-experience] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [input] tag [value] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [data-a-strike] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | items[0.base][asin] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: items[0.base][asin]=B0BX2MXBH1 The user-controlled value was: b0bx2mxbh1 |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_2_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BX2MXBH1&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B0BX2MXBH1 The user-controlled value was: b0bx2mxbh1 |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-atomic] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-is-sponsored-label-active] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-sponsored] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-use-inline-experience] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [input] tag [value] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [data-a-strike] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | items[0.base][asin] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: items[0.base][asin]=B000XTPNZK The user-controlled value was: b000xtpnzk |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_3_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B000XTPNZK&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B000XTPNZK The user-controlled value was: b000xtpnzk |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-atomic] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-is-sponsored-label-active] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-sponsored] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-use-inline-experience] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [input] tag [value] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [data-a-strike] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | items[0.base][asin] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: items[0.base][asin]=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_4_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B0BB9BMD7F The user-controlled value was: b0bb9bmd7f |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-atomic] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-is-sponsored-label-active] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-sponsored] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-use-inline-experience] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [input] tag [value] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [data-a-strike] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | items[0.base][asin] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: items[0.base][asin]=B08SV2Y7J6 The user-controlled value was: b08sv2y7j6 |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_6_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B08SV2Y7J6&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B08SV2Y7J6 The user-controlled value was: b08sv2y7j6 |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-atomic] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-is-sponsored-label-active] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-sponsored] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-use-inline-experience] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [input] tag [value] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [data-a-strike] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | items[0.base][asin] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: items[0.base][asin]=B017VPIY4U The user-controlled value was: b017vpiy4u |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_7_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B017VPIY4U&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B017VPIY4U The user-controlled value was: b017vpiy4u |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [a] tag [data-ux-jq-mouseenter] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-atomic] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-is-sponsored-label-active] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-sponsored] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-use-inline-experience] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [input] tag [value] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [aria-hidden] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | isNeoAddToCart |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [span] tag [data-a-strike] attribute The user input found was: isNeoAddToCart=true The user-controlled value was: true |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | items[0.base][asin] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: items[0.base][asin]=B096X8471C The user-controlled value was: b096x8471c |
| URL | https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC |
| Method | POST |
| Parameter | pd_rd_i |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/cart/add-to-cart/ref=nta-top-sellers_d_sccl_8_atc_a?_encoding=UTF8&content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B096X8471C&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC appears to include user input in: a(n) [div] tag [data-asin] attribute The user input found was: pd_rd_i=B096X8471C The user-controlled value was: b096x8471c |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | cross-context-behavioral-ads |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/privacyprefs?ref_=footer_iba appears to include user input in: a(n) [input] tag [value] attribute The user input found was: cross-context-behavioral-ads=on The user-controlled value was: on |
| URL | https://www.amazon.com/privacyprefs?ref_=footer_iba |
| Method | POST |
| Parameter | cross-context-behavioral-ads |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://www.amazon.com/privacyprefs?ref_=footer_iba appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: cross-context-behavioral-ads=on The user-controlled value was: on |
| Instances | 438 |
| Solution |
Validate all input and sanitize output it before writing to any HTML attributes.
|
| Reference | http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-html-attribute |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10031 |
|
Informational |
User Controllable JavaScript Event (XSS) |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
|
| URL | https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1 |
| Method | GET |
| Parameter | psc |
| Attack | |
| Evidence | |
| Other Info | User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL: https://www.amazon.com/Christmas-Adults-Velvet-Winter-Costume/dp/B0BB9BMD7F/ref=nta-top-sellers_d_sccl_1_4/147-4280155-9611859?content-id=amzn1.sym.6a66b90b-ff21-4adc-933b-819537ba9583&pd_rd_i=B0BB9BMD7F&pd_rd_r=b2bea4d0-6675-424f-a5a8-84f64d340639&pd_rd_w=gF1gR&pd_rd_wg=6xF9n&pf_rd_p=6a66b90b-ff21-4adc-933b-819537ba9583&pf_rd_r=SR1A78F8ZX5RPSV4D6CC&psc=1" includes the following Javascript event which may be attacker-controllable: User-input was found in the following data of an [onclick] event: return recordHelpAndNavigate(function() {amz_js_PopWin(this.href,'AmazonHelp','width=550,height=550,resizable=1,scrollbars=1,toolbar=0,status=0');}) The user input was: 1 |
| Instances | 1 |
| Solution |
Validate all input and sanitize output it before writing to any Javascript on* events.
|
| Reference | http://websecuritytool.codeplex.com/wikipage?title=Checks#user-javascript-event |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10043 |